Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 077BC200D27 for ; Wed, 25 Oct 2017 23:30:44 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id F352B160BDA; Wed, 25 Oct 2017 21:30:43 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 365C71609CE for ; Wed, 25 Oct 2017 23:30:43 +0200 (CEST) Received: (qmail 14351 invoked by uid 500); 25 Oct 2017 21:30:42 -0000 Mailing-List: contact user-help@ignite.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@ignite.apache.org Delivered-To: mailing list user@ignite.apache.org Received: (qmail 14340 invoked by uid 99); 25 Oct 2017 21:30:42 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Oct 2017 21:30:42 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 57A2DC3E57 for ; Wed, 25 Oct 2017 21:30:41 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.172 X-Spam-Level: ** X-Spam-Status: No, score=2.172 tagged_above=-999 required=6.31 tests=[DKIM_ADSP_CUSTOM_MED=0.001, NML_ADSP_CUSTOM_MED=1.2, SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.972] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id jkwXHQaFao1H for ; Wed, 25 Oct 2017 21:30:40 +0000 (UTC) Received: from n6.nabble.com (n6.nabble.com [162.255.23.37]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 0D8B05FD71 for ; Wed, 25 Oct 2017 21:30:40 +0000 (UTC) Received: from n6.nabble.com (localhost [127.0.0.1]) by n6.nabble.com (Postfix) with ESMTP id 3C88B278F733 for ; Wed, 25 Oct 2017 14:30:38 -0700 (MST) Date: Wed, 25 Oct 2017 14:30:38 -0700 (MST) From: calebs To: user@ignite.apache.org Message-ID: <1508967038244-0.post@n6.nabble.com> Subject: How can I get Ignite security plugin to work with JDBC thin client? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit archived-at: Wed, 25 Oct 2017 21:30:44 -0000 Version: Ignite 2.3-SNAPSHOT from ignite-2.3 branch. A jar that contains our custom security plugin for the security named ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs folder. Run ignite.sh to start the single data node and see ACSSecurityProcessor.start method is called. 10-23 20:46:16.567 [main ] INFO apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in 'sysMemPlc' memoryPolicy: ['ignite-sys-cache']] 10-23 20:46:16.601 [main ] INFO apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can be found at: /opt/ignite/libs/licenses 10-23 20:46:16.663 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - Configured plugins: 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - ^-- ACSPluginProvider 1.0.0 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - ^-- MaxPoint 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - 10-23 20:46:16.673 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - start 10-23 20:46:16.726 [main ] INFO spi.communication.tcp.TcpCommunicationSpi - Successfully bound communication NIO server to TCP port [port=47100, locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, pairedConn=false] Use Ignite JDBC thin driver to connect to the cluster with user & password properties. Then I see ACSSecurityProcessor - authenticate as shown below. But the login is null. Also, I can see ACSSecurityProcessor.authorize is called for CACHE_PUT when I execute INSERT or DELETE statements, but I do not see ACSSecurityProcessor.authorize is called for CACHE_READ. /opt/ignite/log$ grep platform.auth.ignite ignite.log 10-25 14:56:35.182 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - start 10-25 14:56:35.779 [main ] INFO platform.auth.ignite.ACSPluginProvider - start 10-25 14:56:35.810 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - authenticateNode: id=cdb8bd19-d1b0-4d54-a982-01abdc83761a, hosts=[shei1], address=[0:0:0:0:0:0:0:1%lo, 127.0.0.1, 172.16.128.96] 10-25 14:56:35.858 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - onKernalStart(false) 10-25 14:56:35.891 [main ] INFO platform.auth.ignite.ACSPluginProvider - onIgniteStart 10-25 14:57:09.417 [rest-#44%cdev_cluster%] INFO platform.auth.ignite.ACSSecurityProcessor - authenticate: id=b5052d01-5a1c-47ea-9bb1-0ee89519bde7, login=null 10-25 15:01:21.862 [client-connector-#79%cdev_cluster%] WARN platform.auth.ignite.ACSSecurityProcessor - authorize: name=SQL_PUBLIC_TEST1, permission=CACHE_PUT 10-25 15:01:55.818 [client-connector-#80%cdev_cluster%] WARN platform.auth.ignite.ACSSecurityProcessor - authorize: name=SQL_PUBLIC_TEST1, permission=CACHE_PUT The code for ACSSecurityProcessor.authenticate is @Override public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException { ACSSecuritySubject subject = (ACSSecuritySubject)userMap.get(authCtx.subjectId()); if(subject == null) { subject = new ACSSecuritySubject(authCtx.subjectId(), authCtx.credentials(), authCtx.address()); if(logger.isInfoEnabled()) { logger.info("authenticate: id=" + subject.id() + ", login=" + subject.login()); } userMap.put(authCtx.subjectId(), subject); } return new ACSSecurityContext(subject); } where subject.login() will return null if authCtx.credentials() is null. So here, I have two questions: 1. How can I get authCtx.credentials() to return the not null credentials when I use the thin driver with user/password properties? 2. How can I get ACSSecurityProcessor.authorize invoked for CACHE_READ for any SELECT query? -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/