You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ignite.apache.org by franck102 <fr...@yahoo.com> on 2017/08/22 10:55:51 UTC
Custom SecurityCredentialsProvider and SecurityCredentials
Hi all,
I can't figure out how to install a custom security credentials provider?
The javadoc says
... however GridClientConfiguration hardcodes an instance of
SecurityCredentialsBasicProvider, and ServerImpl directly gets credentials
from node.attributes(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS).
Am I missing something, is it possible to install a custom provider that
uses a subclass of SecurityContext?
Thanks!
Franck
--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Custom-SecurityCredentialsProvider-and-SecurityCredentials-tp16360.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Custom SecurityCredentialsProvider and SecurityCredentials
Posted by vkulichenko <va...@gmail.com>.
Hi Frank,
Sorry for late response. SecurityCredentialsProvider is not used in Ignite
code because Ignite doesn't provide any implementations of SecurityProcessor
out of the box. If you want to make your cluster secure, you need to
implement it and configure as a part of your own custom plugin. There are
also 3rd party solutions like GridGain that provide such implementations as
paid offerings.
-Val
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: Custom SecurityCredentialsProvider and SecurityCredentials
Posted by franck102 <fr...@yahoo.com>.
What is even more confusing is that SecurityCredentialsProvider is in fact
only used in GridClient and GridTcpRouter configurations. If I understans
correctly GridClient is in turn only used by the cmd line client, and by the
deprecated legacy jdbc connection.
So, what is the proper strategy for supplying custom credentials or better a
custom credential provider for a client node?
The only way I see is to get locNode.attributes to contain a
org.apache.ignite.security.cred key however that can't even be set from
user attributes in the configuration...
Franck
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: Custom SecurityCredentialsProvider and SecurityCredentials
Posted by franck102 <fr...@yahoo.com>.
I can implement my own flavor of SecurityCredentialsProvider yes.
But the Ignite code will not use it no matter what I do - unless I missed
something.
Franck
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: Custom SecurityCredentialsProvider and SecurityCredentials
Posted by vkulichenko <va...@gmail.com>.
Franck,
The JavaDoc simply tells that SecurityCredentialsProvider and you are free
to provide custom implementation (which, for example, will fetch them from
some external source, e.g. a file). Provided
SecurityCredentialsBasicProvider is a basic implementation that is usually
used to provide credentials directly in configuration.
Can you clarify what is wrong there?
-Val
--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Custom-SecurityCredentialsProvider-and-SecurityCredentials-tp16360p16386.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Custom SecurityCredentialsProvider and SecurityCredentials
Posted by franck102 <fr...@yahoo.com>.
Hi Slava,
Yes I found that post and I have my own GridSecurityProcessor plugin
successfully installed. However that doesn't help with registering a custom
SecurityCredentialProvider (unless I missed something in the article?).
That being said I have been able to stuff what I needed in
SecurityCredentials.userObject, so I am all set; it's just that the javadoc
in SecurityCredentialsProvider seems to describe something that you can't
actually achieve...
Thanks,
Franck
--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Custom-SecurityCredentialsProvider-and-SecurityCredentials-tp16360p16376.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Re: Custom SecurityCredentialsProvider and SecurityCredentials
Posted by "slava.koptilin" <sl...@gmail.com>.
Hi Franck,
Yes, Apache Ignite provides SecurityCredentialsBasicProvider out of the box,
which can be used if it is OK to specify credentials directly in
configuration,
and of course you can implement your own provider.
I think the following topic will be helpful
http://apache-ignite-users.70518.x6.nabble.com/Custom-GridSecurityProcessor-plugin-question-td4942.html
Thanks!
--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Custom-SecurityCredentialsProvider-and-SecurityCredentials-tp16360p16368.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.