You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ignite.apache.org by pragmaticbigdata <am...@gmail.com> on 2016/08/19 06:31:14 UTC
Implementing Security Plugin
I am using apache ignite version 1.6 and trying to implement a security
plugin by following the post
(http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/).
Since the plugin API has changed after the blog post, I am unable to
activate the plugin and configure only an authenticated and authorized
client to join the cluster.
I implemented the marker interfaces PluginConfiguration and IgnitePlugin
along with PluginProvider & GridSecurityProcessor. I have passed the
instance of PluginConfiguration to the IgniteConfiguration class through
cfg.setPluginConfigurations() method. Ignite doesn't seem to call any of the
PluginProvider implementation methods. I also do get the below message
during start up (for both the server/client)
Security status [*authentication=off*, tls/ssl=off]
which indicates that the authentication is not activated.
Can someone guide me on what could be missing?
Thanks.
--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Implementing-Security-Plugin-tp7162.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Implementing Security Plugin
Posted by Alexey Goncharuk <al...@gmail.com>.
You need to implement only GridSecurityProcessor and return implementation
instance from PluginProvider#createComponent().
DiscoverySpiNodeAuthenticator is an internal interface and Ignite already
has an implementation which delegates to
GridSecurityProcessor#authenticateNode().
2016-08-19 11:52 GMT+03:00 pragmaticbigdata <am...@gmail.com>:
> On further troubleshooting, I came across the DiscoverySpiNodeAuthenticator
> interface. It seems that the authenticateNode() method is getting called on
> the server node whenever a node (client/server) joins the cluster.
> 1. Is this (DiscoverySpiNodeAuthenticator) the only interface we need to
> implement then to add a secured access support to our ignite deployment?
> 2. None of the methods of the security context returned in the
> DiscoverySpiNodeAuthenticator.authenticateNode() method are getting
> called.
> Where should add the code that validates the username/password?
>
> Kindly let me know your thoughts. Thanks
>
>
>
> --
> View this message in context: http://apache-ignite-users.
> 70518.x6.nabble.com/Implementing-Security-Plugin-tp7162p7164.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>
Re: Implementing Security Plugin
Posted by pragmaticbigdata <am...@gmail.com>.
On further troubleshooting, I came across the DiscoverySpiNodeAuthenticator
interface. It seems that the authenticateNode() method is getting called on
the server node whenever a node (client/server) joins the cluster.
1. Is this (DiscoverySpiNodeAuthenticator) the only interface we need to
implement then to add a secured access support to our ignite deployment?
2. None of the methods of the security context returned in the
DiscoverySpiNodeAuthenticator.authenticateNode() method are getting called.
Where should add the code that validates the username/password?
Kindly let me know your thoughts. Thanks
--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Implementing-Security-Plugin-tp7162p7164.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Implementing Security Plugin
Posted by Alexey Goncharuk <al...@gmail.com>.
Hi,
The plugin activation mechanism changed since RC1 to Java Service Provider
[1]. You need to add a META-INF/services/your.plugin.Provider entry to your
plugin jar in order for plugin to be activated. The file name should be the
fully-qualified name of your plugin provider and it should contain a single
string with the same fully-qualified name of the provider.
If you've done everything right, you should see your plugin in the list of
configured plugins in the node startup log.
I will add a corresponding entry to the documentation when I get a spare
minute.
Hope this helps,
AG
[1] https://docs.oracle.com/javase/tutorial/ext/basics/spi.html
2016-08-19 9:31 GMT+03:00 pragmaticbigdata <am...@gmail.com>:
> I am using apache ignite version 1.6 and trying to implement a security
> plugin by following the post
> (http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/).
> Since the plugin API has changed after the blog post, I am unable to
> activate the plugin and configure only an authenticated and authorized
> client to join the cluster.
>
> I implemented the marker interfaces PluginConfiguration and IgnitePlugin
> along with PluginProvider & GridSecurityProcessor. I have passed the
> instance of PluginConfiguration to the IgniteConfiguration class through
> cfg.setPluginConfigurations() method. Ignite doesn't seem to call any of
> the
> PluginProvider implementation methods. I also do get the below message
> during start up (for both the server/client)
> Security status [*authentication=off*, tls/ssl=off]
> which indicates that the authentication is not activated.
>
> Can someone guide me on what could be missing?
>
> Thanks.
>
>
>
>
> --
> View this message in context: http://apache-ignite-users.
> 70518.x6.nabble.com/Implementing-Security-Plugin-tp7162.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>