Authorization Plugin

classic Classic list List threaded Threaded
7 messages Options
Sergio Hernández Martínez Sergio Hernández Martínez
Reply | Threaded
Open this post in threaded view
|

Authorization Plugin

hi everyone,

I'm developing my own authorization plugin. I've arrived to a point that i'm blocked.

My code is:

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
        if (securityContext.subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            System.out.println("You cannot entry");
        }
    }

I have a problem, always securityContext is null. But in my code i have:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
                authenticationContext.subjectId(),
                authenticationContext.subjectType(),
                authenticationContext.credentials().getLogin(),
                authenticationContext.address()
        );

        return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}



 /**
     * @param op Operation to check.
     * @throws SecurityException If security check failed.
     */
    public void checkSecurity(SecurityPermission op) throws SecurityException {
        if (CU.isSystemCache(name()))
            return;

        ctx.security().authorize(name(), op, null);
    }

In security context always is null. Why? Am I missing something in my code?

Thank's for your help.
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: Authorization Plugin

Hello!

Please refer to SecurityContextHolder - get(), push(), pop().

When getting null you can just do SecurityContextHolder.get().

Regards,
--
Ilya Kasnacheev


пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez <[hidden email]>:
hi everyone,

I'm developing my own authorization plugin. I've arrived to a point that i'm blocked.

My code is:

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
        if (securityContext.subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            System.out.println("You cannot entry");
        }
    }

I have a problem, always securityContext is null. But in my code i have:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
                authenticationContext.subjectId(),
                authenticationContext.subjectType(),
                authenticationContext.credentials().getLogin(),
                authenticationContext.address()
        );

        return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}



 /**
     * @param op Operation to check.
     * @throws SecurityException If security check failed.
     */
    public void checkSecurity(SecurityPermission op) throws SecurityException {
        if (CU.isSystemCache(name()))
            return;

        ctx.security().authorize(name(), op, null);
    }

In security context always is null. Why? Am I missing something in my code?

Thank's for your help.
Sergio Hernández Martínez Sergio Hernández Martínez
Reply | Threaded
Open this post in threaded view
|

RE: Authorization Plugin

Hi Ilya,

Thank you for you tip, but push(), pop() is in master code. I'm using stable version 2.7.0 and i'm getting the same error. My new code is:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {

    if (authenticationContext.credentials().getLogin()==null) {
        System.out.println("Usuario: null is not Authorizated to Connect");
        return null;
    }

    System.out.println("subjectId: " + authenticationContext.subjectId().toString());

    SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );

    SecurityContext securityContext = new SecurityPluginSecurityContext(securityPluginSecuritySubject);

    SecurityContextHolder.set(securityContext);

    return securityContext;
}

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
    if (securityContext==null) {
        if (SecurityContextHolder.get().subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            throw new SecurityException("You cannot entry");
        }
    }
}

And the error message in ignite node is:

[14:21:27,829][SEVERE][client-connector-#48][ClientListenerNioListener] Failed to process client request [req=o.a.i.i.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest@af561fe]
java.lang.NullPointerException
at org.serhermar.ignite.security.SecurityPluginProcessor.authorize(SecurityPluginProcessor.java:74)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheCreate(GridCacheProcessor.java:3738)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheChange(GridCacheProcessor.java:3756)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.initiateCacheChanges(GridCacheProcessor.java:3665)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.lambda$dynamicStartCache$0(GridCacheProcessor.java:3232)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3245)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3153)
at org.apache.ignite.internal.IgniteKernal.createCache(IgniteKernal.java:2922)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.lambda$process$0(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequest.runWithSecurityExceptionHandler(ClientRequest.java:70)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.process(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.handle(ClientRequestHandler.java:57)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:162)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:45)
at org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
at org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
at org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
at org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

SecurityContextHolder.get().subject().login() is null.

Thanks you!



De: Ilya Kasnacheev <[hidden email]>
Enviado: jueves, 14 de febrero de 2019 17:11
Para: [hidden email]
Asunto: Re: Authorization Plugin
 
Hello!

Please refer to SecurityContextHolder - get(), push(), pop().

When getting null you can just do SecurityContextHolder.get().

Regards,
--
Ilya Kasnacheev


пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez <[hidden email]>:
hi everyone,

I'm developing my own authorization plugin. I've arrived to a point that i'm blocked.

My code is:

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
        if (securityContext.subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            System.out.println("You cannot entry");
        }
    }

I have a problem, always securityContext is null. But in my code i have:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
                authenticationContext.subjectId(),
                authenticationContext.subjectType(),
                authenticationContext.credentials().getLogin(),
                authenticationContext.address()
        );

        return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}



 /**
     * @param op Operation to check.
     * @throws SecurityException If security check failed.
     */
    public void checkSecurity(SecurityPermission op) throws SecurityException {
        if (CU.isSystemCache(name()))
            return;

        ctx.security().authorize(name(), op, null);
    }

In security context always is null. Why? Am I missing something in my code?

Thank's for your help.
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: Authorization Plugin

Hello!

I guess you will have to fill this context yourself for calls which supply null as context. Then maybe put it in holder.

Regards,
--
Ilya Kasnacheev


сб, 16 февр. 2019 г. в 16:28, Sergio Hernández Martínez <[hidden email]>:
Hi Ilya,

Thank you for you tip, but push(), pop() is in master code. I'm using stable version 2.7.0 and i'm getting the same error. My new code is:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {

    if (authenticationContext.credentials().getLogin()==null) {
        System.out.println("Usuario: null is not Authorizated to Connect");
        return null;
    }

    System.out.println("subjectId: " + authenticationContext.subjectId().toString());

    SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );

    SecurityContext securityContext = new SecurityPluginSecurityContext(securityPluginSecuritySubject);

    SecurityContextHolder.set(securityContext);

    return securityContext;
}

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
    if (securityContext==null) {
        if (SecurityContextHolder.get().subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            throw new SecurityException("You cannot entry");
        }
    }
}

And the error message in ignite node is:

[14:21:27,829][SEVERE][client-connector-#48][ClientListenerNioListener] Failed to process client request [req=o.a.i.i.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest@af561fe]
java.lang.NullPointerException
at org.serhermar.ignite.security.SecurityPluginProcessor.authorize(SecurityPluginProcessor.java:74)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheCreate(GridCacheProcessor.java:3738)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheChange(GridCacheProcessor.java:3756)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.initiateCacheChanges(GridCacheProcessor.java:3665)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.lambda$dynamicStartCache$0(GridCacheProcessor.java:3232)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3245)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3153)
at org.apache.ignite.internal.IgniteKernal.createCache(IgniteKernal.java:2922)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.lambda$process$0(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequest.runWithSecurityExceptionHandler(ClientRequest.java:70)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.process(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.handle(ClientRequestHandler.java:57)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:162)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:45)
at org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
at org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
at org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
at org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

SecurityContextHolder.get().subject().login() is null.

Thanks you!



De: Ilya Kasnacheev <[hidden email]>
Enviado: jueves, 14 de febrero de 2019 17:11
Para: [hidden email]
Asunto: Re: Authorization Plugin
 
Hello!

Please refer to SecurityContextHolder - get(), push(), pop().

When getting null you can just do SecurityContextHolder.get().

Regards,
--
Ilya Kasnacheev


пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez <[hidden email]>:
hi everyone,

I'm developing my own authorization plugin. I've arrived to a point that i'm blocked.

My code is:

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
        if (securityContext.subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            System.out.println("You cannot entry");
        }
    }

I have a problem, always securityContext is null. But in my code i have:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
                authenticationContext.subjectId(),
                authenticationContext.subjectType(),
                authenticationContext.credentials().getLogin(),
                authenticationContext.address()
        );

        return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}



 /**
     * @param op Operation to check.
     * @throws SecurityException If security check failed.
     */
    public void checkSecurity(SecurityPermission op) throws SecurityException {
        if (CU.isSystemCache(name()))
            return;

        ctx.security().authorize(name(), op, null);
    }

In security context always is null. Why? Am I missing something in my code?

Thank's for your help.
Sergio Hernández Martínez Sergio Hernández Martínez
Reply | Threaded
Open this post in threaded view
|

RE: Authorization Plugin

Hello!

I'm already putting in authenticate method the security context in SecurityContextHolder:

SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );
    SecurityContext securityContext = new SecurityPluginSecurityContext(securityPluginSecuritySubject);
    SecurityContextHolder.set(securityContext);

But when I want to authorize, i'm getting NULL on SecurityContextHolder

Thank's you!



De: Ilya Kasnacheev <[hidden email]>
Enviado: lunes, 18 de febrero de 2019 12:10
Para: Sergio Hernández Martínez
Cc: [hidden email]
Asunto: Re: Authorization Plugin
 
Hello!

I guess you will have to fill this context yourself for calls which supply null as context. Then maybe put it in holder.

Regards,
--
Ilya Kasnacheev


сб, 16 февр. 2019 г. в 16:28, Sergio Hernández Martínez <[hidden email]>:
Hi Ilya,

Thank you for you tip, but push(), pop() is in master code. I'm using stable version 2.7.0 and i'm getting the same error. My new code is:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {

    if (authenticationContext.credentials().getLogin()==null) {
        System.out.println("Usuario: null is not Authorizated to Connect");
        return null;
    }

    System.out.println("subjectId: " + authenticationContext.subjectId().toString());

    SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );

    SecurityContext securityContext = new SecurityPluginSecurityContext(securityPluginSecuritySubject);

    SecurityContextHolder.set(securityContext);

    return securityContext;
}

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
    if (securityContext==null) {
        if (SecurityContextHolder.get().subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            throw new SecurityException("You cannot entry");
        }
    }
}

And the error message in ignite node is:

[14:21:27,829][SEVERE][client-connector-#48][ClientListenerNioListener] Failed to process client request [req=o.a.i.i.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest@af561fe]
java.lang.NullPointerException
at org.serhermar.ignite.security.SecurityPluginProcessor.authorize(SecurityPluginProcessor.java:74)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheCreate(GridCacheProcessor.java:3738)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheChange(GridCacheProcessor.java:3756)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.initiateCacheChanges(GridCacheProcessor.java:3665)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.lambda$dynamicStartCache$0(GridCacheProcessor.java:3232)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3245)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3153)
at org.apache.ignite.internal.IgniteKernal.createCache(IgniteKernal.java:2922)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.lambda$process$0(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequest.runWithSecurityExceptionHandler(ClientRequest.java:70)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.process(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.handle(ClientRequestHandler.java:57)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:162)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:45)
at org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
at org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
at org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
at org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

SecurityContextHolder.get().subject().login() is null.

Thanks you!



De: Ilya Kasnacheev <[hidden email]>
Enviado: jueves, 14 de febrero de 2019 17:11
Para: [hidden email]
Asunto: Re: Authorization Plugin
 
Hello!

Please refer to SecurityContextHolder - get(), push(), pop().

When getting null you can just do SecurityContextHolder.get().

Regards,
--
Ilya Kasnacheev


пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez <[hidden email]>:
hi everyone,

I'm developing my own authorization plugin. I've arrived to a point that i'm blocked.

My code is:

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
        if (securityContext.subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            System.out.println("You cannot entry");
        }
    }

I have a problem, always securityContext is null. But in my code i have:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
                authenticationContext.subjectId(),
                authenticationContext.subjectType(),
                authenticationContext.credentials().getLogin(),
                authenticationContext.address()
        );

        return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}



 /**
     * @param op Operation to check.
     * @throws SecurityException If security check failed.
     */
    public void checkSecurity(SecurityPermission op) throws SecurityException {
        if (CU.isSystemCache(name()))
            return;

        ctx.security().authorize(name(), op, null);
    }

In security context always is null. Why? Am I missing something in my code?

Thank's for your help.
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: Authorization Plugin

Hello!

Please note that SecurityContextHolder is thread-local.

You might need to have a fixed instance of SecurityContext in your processor as opposed to getting it from holder when you don't need thread locality.
--
Ilya Kasnacheev


пн, 18 февр. 2019 г. в 14:22, Sergio Hernández Martínez <[hidden email]>:
Hello!

I'm already putting in authenticate method the security context in SecurityContextHolder:

SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );
    SecurityContext securityContext = new SecurityPluginSecurityContext(securityPluginSecuritySubject);
    SecurityContextHolder.set(securityContext);

But when I want to authorize, i'm getting NULL on SecurityContextHolder

Thank's you!



De: Ilya Kasnacheev <[hidden email]>
Enviado: lunes, 18 de febrero de 2019 12:10
Para: Sergio Hernández Martínez
Cc: [hidden email]
Asunto: Re: Authorization Plugin
 
Hello!

I guess you will have to fill this context yourself for calls which supply null as context. Then maybe put it in holder.

Regards,
--
Ilya Kasnacheev


сб, 16 февр. 2019 г. в 16:28, Sergio Hernández Martínez <[hidden email]>:
Hi Ilya,

Thank you for you tip, but push(), pop() is in master code. I'm using stable version 2.7.0 and i'm getting the same error. My new code is:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {

    if (authenticationContext.credentials().getLogin()==null) {
        System.out.println("Usuario: null is not Authorizated to Connect");
        return null;
    }

    System.out.println("subjectId: " + authenticationContext.subjectId().toString());

    SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );

    SecurityContext securityContext = new SecurityPluginSecurityContext(securityPluginSecuritySubject);

    SecurityContextHolder.set(securityContext);

    return securityContext;
}

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
    if (securityContext==null) {
        if (SecurityContextHolder.get().subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            throw new SecurityException("You cannot entry");
        }
    }
}

And the error message in ignite node is:

[14:21:27,829][SEVERE][client-connector-#48][ClientListenerNioListener] Failed to process client request [req=o.a.i.i.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest@af561fe]
java.lang.NullPointerException
at org.serhermar.ignite.security.SecurityPluginProcessor.authorize(SecurityPluginProcessor.java:74)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheCreate(GridCacheProcessor.java:3738)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheChange(GridCacheProcessor.java:3756)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.initiateCacheChanges(GridCacheProcessor.java:3665)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.lambda$dynamicStartCache$0(GridCacheProcessor.java:3232)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3245)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3153)
at org.apache.ignite.internal.IgniteKernal.createCache(IgniteKernal.java:2922)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.lambda$process$0(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequest.runWithSecurityExceptionHandler(ClientRequest.java:70)
at org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.process(ClientCacheCreateWithConfigurationRequest.java:57)
at org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.handle(ClientRequestHandler.java:57)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:162)
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:45)
at org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
at org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
at org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
at org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

SecurityContextHolder.get().subject().login() is null.

Thanks you!



De: Ilya Kasnacheev <[hidden email]>
Enviado: jueves, 14 de febrero de 2019 17:11
Para: [hidden email]
Asunto: Re: Authorization Plugin
 
Hello!

Please refer to SecurityContextHolder - get(), push(), pop().

When getting null you can just do SecurityContextHolder.get().

Regards,
--
Ilya Kasnacheev


пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez <[hidden email]>:
hi everyone,

I'm developing my own authorization plugin. I've arrived to a point that i'm blocked.

My code is:

public void authorize(String s, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
        if (securityContext.subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            System.out.println("You cannot entry");
        }
    }

I have a problem, always securityContext is null. But in my code i have:

public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        SecurityPluginSecuritySubject securityPluginSecuritySubject = new SecurityPluginSecuritySubject(
                authenticationContext.subjectId(),
                authenticationContext.subjectType(),
                authenticationContext.credentials().getLogin(),
                authenticationContext.address()
        );

        return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}



 /**
     * @param op Operation to check.
     * @throws SecurityException If security check failed.
     */
    public void checkSecurity(SecurityPermission op) throws SecurityException {
        if (CU.isSystemCache(name()))
            return;

        ctx.security().authorize(name(), op, null);
    }

In security context always is null. Why? Am I missing something in my code?

Thank's for your help.
Alexey Kuznetsov-2 Alexey Kuznetsov-2
Reply | Threaded
Open this post in threaded view
|

Re: Authorization Plugin

In reply to this post by Sergio Hernández Martínez
Hi, Sergio!

May be this article will be useful for you: http://smartkey.co.uk/development/securing-an-apache-ignite-cluster

--
Alexey Kuznetsov