
Example 16 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class ServerImpl method joinTopology.

/**
 * Tries to join this node to topology.
 * <p>
 * Moves the SPI state to {@code CONNECTING}, optionally authenticates the local node, then repeatedly
 * sends a join request until the node is either connected or a terminal failure state is reported.
 * If no join request could be sent (per the debug message below, the local node is the first in the
 * topology), the node initializes itself as a single-node ring with order {@code 1}.
 * <p>
 * Security-relevant behavior visible here: the local node's {@link SecurityCredentials} are read from
 * the node attributes, passed to {@code localAuthentication} when an authenticator is configured, and
 * the credentials attribute is removed from the local node attributes on the "first node" path.
 *
 * @throws IgniteSpiException If any error occurs: the waiting thread is interrupted, the first-node
 *      initialization task fails, or the join ends in {@code DUPLICATE_ID}, {@code AUTH_FAILED},
 *      {@code CHECK_FAILED}, {@code RING_FAILED} or {@code LOOPBACK_PROBLEM} state.
 */
private void joinTopology() throws IgniteSpiException {
    // The state transition is guarded by the same monitor that the wait loop below uses.
    synchronized (mux) {
        assert spiState == CONNECTING || spiState == DISCONNECTED;
        spiState = CONNECTING;
    }
    // Local credentials are carried as a node attribute; the attribute may be absent, in which case locCred is null.
    SecurityCredentials locCred = (SecurityCredentials) locNode.getAttributes().get(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS);
    // Tracks whether localAuthentication() has already run, so that it is not repeated on the first-node path.
    boolean auth = false;
    // With global node authentication the local node is authenticated up front, before any join request is sent.
    if (spi.nodeAuth != null && spi.nodeAuth.isGlobalNodeAuthentication()) {
        localAuthentication(locCred);
        auth = true;
    }
    // Marshal credentials for backward compatibility and security.
    // NOTE(review): marshalCredentials() is not shown here; presumably it replaces the credentials attribute on
    // locNode with a marshalled form before the node is put into the join request - confirm.
    marshalCredentials(locNode, locCred);
    DiscoveryDataPacket discoveryData = spi.collectExchangeData(new DiscoveryDataPacket(getLocalNodeId()));
    TcpDiscoveryJoinRequestMessage joinReqMsg = new TcpDiscoveryJoinRequestMessage(locNode, discoveryData);
    // Attach a tracing span tagged with the local node ID and consistent ID to the join request.
    joinReqMsg.spanContainer().span(tracing.create(TraceableMessagesTable.traceName(joinReqMsg.getClass())).addTag(SpanTags.tag(SpanTags.EVENT_NODE, SpanTags.ID), () -> locNode.id().toString()).addTag(SpanTags.tag(SpanTags.EVENT_NODE, SpanTags.CONSISTENT_ID), () -> locNode.consistentId().toString()).addLog(() -> "Created"));
    tracing.messages().beforeSend(joinReqMsg);
    // Retry loop: left via 'break' once connected, or via an exception on a terminal failure state.
    while (true) {
        if (!sendJoinRequestMessage(joinReqMsg)) {
            if (log.isDebugEnabled())
                log.debug("Join request message has not been sent (local node is the first in the topology).");
            // No join request went out, so the only authentication performed on this path is the local one.
            // It runs here unless it already ran above for global node authentication.
            if (!auth && spi.nodeAuth != null)
                localAuthentication(locCred);
            // TODO IGNITE-11272
            // The single-node ring is initialized as a task submitted to the message worker.
            FutureTask<Void> fut = msgWorker.addTask(new FutureTask<Void>() {

                @Override
                protected Void body() {
                    // Drop any state left over from a previous connection attempt.
                    pendingCustomMsgs.clear();
                    msgWorker.pendingMsgs.reset(null, null, null);
                    msgWorker.next = null;
                    failedNodes.clear();
                    leavingNodes.clear();
                    failedNodesMsgSent.clear();
                    // Credentials are not kept in the local node attributes once the node has started.
                    locNode.attributes().remove(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS);
                    // The first node gets order 1 and topology version 1.
                    locNode.order(1);
                    locNode.internalOrder(1);
                    spi.gridStartTime = U.currentTimeMillis();
                    locNode.visible(true);
                    ring.clear();
                    ring.topologyVersion(1);
                    // Publish CONNECTED under the monitor and wake up any thread waiting on the state.
                    synchronized (mux) {
                        topHist.clear();
                        spiState = CONNECTED;
                        mux.notifyAll();
                    }
                    notifyDiscovery(EVT_NODE_JOINED, 1, locNode, joinReqMsg.spanContainer());
                    return null;
                }
            });
            try {
                // Block until the initialization task has completed.
                fut.get();
            } catch (IgniteCheckedException e) {
                throw new IgniteSpiException(e);
            }
            msgWorker.nullifyDiscoData();
            break;
        }
        if (log.isDebugEnabled())
            log.debug("Join request message has been sent (waiting for coordinator response).");
        synchronized (mux) {
            // Wait at most spi.netTimeout ms for the state to leave CONNECTING. The remaining time is recomputed
            // from a nanoTime deadline after every wake-up, so early or spurious wake-ups do not extend the wait.
            long timeout = spi.netTimeout;
            long thresholdNanos = System.nanoTime() + U.millisToNanos(timeout);
            while (spiState == CONNECTING && timeout > 0) {
                try {
                    mux.wait(timeout);
                    timeout = U.nanosToMillis(thresholdNanos - System.nanoTime());
                } catch (InterruptedException e) {
                    // Restore the interrupt flag before converting to the SPI exception.
                    Thread.currentThread().interrupt();
                    throw new IgniteSpiException("Thread has been interrupted.", e);
                }
            }
            // Map the resulting state to an outcome; joinRes holds the message that caused a failure state.
            if (spiState == CONNECTED)
                break;
            else if (spiState == DUPLICATE_ID)
                throw spi.duplicateIdError((TcpDiscoveryDuplicateIdMessage) joinRes.get());
            else if (spiState == AUTH_FAILED)
                // Authentication was rejected: the join is aborted with an error instead of being retried.
                throw spi.authenticationFailedError((TcpDiscoveryAuthFailedMessage) joinRes.get());
            else if (spiState == CHECK_FAILED)
                throw spi.checkFailedError((TcpDiscoveryCheckFailedMessage) joinRes.get());
            else if (spiState == RING_FAILED) {
                throw new IgniteSpiException("Unable to connect to next nodes in a ring, it seems local node is " + "experiencing connectivity issues or the rest of the cluster is undergoing massive restarts. " + "Failing local node join to avoid case when one node fails a big part of cluster. To disable" + " this behavior set TcpDiscoverySpi.setConnectionRecoveryTimeout() to 0. " + "[connRecoveryTimeout=" + spi.connRecoveryTimeout + ", effectiveConnRecoveryTimeout=" + spi.getEffectiveConnectionRecoveryTimeout() + ']');
            } else if (spiState == LOOPBACK_PROBLEM) {
                TcpDiscoveryLoopbackProblemMessage msg = (TcpDiscoveryLoopbackProblemMessage) joinRes.get();
                // The wording of the error depends on which side is bound to a loopback address.
                boolean locHostLoopback = spi.locHost.isLoopbackAddress();
                String firstNode = locHostLoopback ? "local" : "remote";
                String secondNode = locHostLoopback ? "remote" : "local";
                throw new IgniteSpiException("Failed to add node to topology because " + firstNode + " node is configured to use loopback address, but " + secondNode + " node is not " + "(consider changing 'localAddress' configuration parameter) " + "[locNodeAddrs=" + U.addressesAsString(locNode) + ", rmtNodeAddrs=" + U.addressesAsString(msg.addresses(), msg.hostNames()) + ", creatorNodeId=" + msg.creatorNodeId() + ']');
            } else
                // No terminal state (e.g. the wait timed out): warn and repeat the join from the top of the loop.
                LT.warn(log, "Node has not been connected to topology and will repeat join process. " + "Check remote nodes logs for possible error messages. " + "Note that large topology may require significant time to start. " + "Increase 'TcpDiscoverySpi.networkTimeout' configuration property " + "if getting this message on the starting nodes [networkTimeout=" + spi.netTimeout + ']');
        }
    }
    // Sanity checks only: Java 'assert' statements are evaluated only when assertions are enabled (-ea).
    assert locNode.order() != 0;
    assert locNode.internalOrder() != 0;
    if (log.isDebugEnabled())
        log.debug("Discovery SPI has been connected to topology with order: " + locNode.internalOrder());
    // Close the tracing span opened for the join request, recording the final node order.
    joinReqMsg.spanContainer().span().addTag(SpanTags.tag(SpanTags.NODE, SpanTags.ORDER), () -> String.valueOf(locNode.order())).addLog(() -> "Joined to ring").end();
}
Also used : TcpDiscoveryAuthFailedMessage(org.apache.ignite.spi.discovery.tcp.messages.TcpDiscoveryAuthFailedMessage) TcpDiscoveryLoopbackProblemMessage(org.apache.ignite.spi.discovery.tcp.messages.TcpDiscoveryLoopbackProblemMessage) SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) DiscoveryDataPacket(org.apache.ignite.spi.discovery.tcp.internal.DiscoveryDataPacket) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) IgniteSpiException(org.apache.ignite.spi.IgniteSpiException) TcpDiscoveryJoinRequestMessage(org.apache.ignite.spi.discovery.tcp.messages.TcpDiscoveryJoinRequestMessage)

Example 17 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class InvalidServerTest method getConfiguration.

/**
 * {@inheritDoc}
 * <p>
 * Installs a {@link TcpDiscoverySpi} whose {@code startMessageProcess} hook removes the entry for
 * {@code TEST_SERVER_NAME} (with an empty password) from {@code TestSecurityProcessor.PERMS} as soon as
 * a verified {@link TcpDiscoveryNodeAddedMessage} is seen. Presumably this makes the joining server's
 * credentials unknown part-way through the join, which is the condition the test exercises - confirm
 * against the test body.
 */
@Override
protected IgniteConfiguration getConfiguration(String instanceName, AbstractTestSecurityPluginProvider pluginProv) throws Exception {
    IgniteConfiguration cfg = super.getConfiguration(instanceName, pluginProv);

    TcpDiscoverySpi discoSpi = new TcpDiscoverySpi() {
        @Override
        protected void startMessageProcess(TcpDiscoveryAbstractMessage msg) {
            boolean verifiedNodeAdded = msg instanceof TcpDiscoveryNodeAddedMessage && msg.verified();

            // Only a verified node-added message triggers the removal; all other messages are ignored.
            if (verifiedNodeAdded)
                TestSecurityProcessor.PERMS.remove(new SecurityCredentials(TEST_SERVER_NAME, ""));
        }
    };

    // The value returned by setIpFinder() is what gets registered, exactly as in a chained call.
    cfg.setDiscoverySpi(discoSpi.setIpFinder(LOCAL_IP_FINDER));

    return cfg;
}
Also used : SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) IgniteConfiguration(org.apache.ignite.configuration.IgniteConfiguration) TcpDiscoveryAbstractMessage(org.apache.ignite.spi.discovery.tcp.messages.TcpDiscoveryAbstractMessage) TcpDiscoveryNodeAddedMessage(org.apache.ignite.spi.discovery.tcp.messages.TcpDiscoveryNodeAddedMessage) TcpDiscoverySpi(org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi)

Example 18 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class TestCertificateSecurityProcessor method start.

/**
 * {@inheritDoc}
 * <p>
 * After the parent start, registers a {@link SecurityCredentials} instance with empty login and
 * password as the node's {@code ATTR_SECURITY_CREDENTIALS} attribute, then records the permissions
 * of every predefined auth entry in {@code PERMS}, keyed by the string form of its login.
 */
@Override
public void start() throws IgniteCheckedException {
    super.start();

    // Placeholder credentials: both login and password are empty strings.
    SecurityCredentials emptyCred = new SecurityCredentials("", "");

    ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, emptyCred);

    for (TestSecurityData authData : predefinedAuthData) {
        // getLogin() is dereferenced without a null check, so an entry without a login fails here.
        String login = authData.credentials().getLogin().toString();

        PERMS.put(login, authData.getPermissions());
    }
}
Also used : SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials)

Example 19 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class IsolatedDiscoverySpi method spiStart.

/**
 * {@inheritDoc}
 * <p>
 * When a node authenticator is configured, the local node is authenticated first and its credentials
 * attribute is dropped. The local-node-initialized callback and a single {@code EVT_NODE_JOINED}
 * notification (topology version {@code 1}, the local node as the only member) are then submitted
 * to {@code exec}.
 */
@Override
public void spiStart(@Nullable String igniteInstanceName) throws IgniteSpiException {
    if (nodeAuth != null)
        authenticateLocalAndDropCredentials();

    exec.execute(() -> {
        lsnr.onLocalNodeInitialized(locNode);

        lsnr.onDiscovery(new DiscoveryNotification(EVT_NODE_JOINED, 1, locNode, singleton(locNode)));
    });
}

/**
 * Authenticates the local node with the credentials found in its attributes and replaces the node
 * attributes with a map that carries the resulting security context but no longer the credentials.
 *
 * @throws IgniteSpiException If authentication of the local node fails.
 */
private void authenticateLocalAndDropCredentials() throws IgniteSpiException {
    try {
        // The attribute may be absent, in which case null is passed on to the authenticator.
        SecurityCredentials cred = (SecurityCredentials) locNode.attributes().get(ATTR_SECURITY_CREDENTIALS);

        Map<String, Object> updatedAttrs = withSecurityContext(authenticateLocalNode(locNode, cred, nodeAuth), locNode.attributes(), marsh);

        // Credentials are removed before the attributes are set back on the node.
        updatedAttrs.remove(ATTR_SECURITY_CREDENTIALS);

        locNode.setAttributes(updatedAttrs);
    } catch (IgniteCheckedException e) {
        throw new IgniteSpiException("Failed to authenticate local node (will shutdown local node).", e);
    }
}
Also used : SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) DiscoveryNotification(org.apache.ignite.spi.discovery.DiscoveryNotification) IgniteSpiException(org.apache.ignite.spi.IgniteSpiException)

Example 20 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class GridJettyRestHandler method credentials.

/**
 * Copies user name and password from the request parameters into the REST request, if present.
 * <p>
 * Credentials are attached when <i>either</i> parameter is present; the missing one is then passed
 * as {@code null}, so downstream authentication must cope with a {@code null} login or password.
 * NOTE(review): the values come straight from the request parameter map - confirm that the
 * surrounding handler does not write this map to logs.
 *
 * @param params Parameters.
 * @param userParam Parameter name to take user name.
 * @param pwdParam Parameter name to take password.
 * @param restReq Request to add credentials if any.
 * @return {@code true} If params contains credentials.
 */
private boolean credentials(Map<String, String> params, String userParam, String pwdParam, GridRestRequest restReq) {
    // Neither parameter supplied: leave the request untouched.
    if (!params.containsKey(userParam) && !params.containsKey(pwdParam))
        return false;

    restReq.credentials(new SecurityCredentials(params.get(userParam), params.get(pwdParam)));

    return true;
}
Also used : SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials)
