You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Nikolay Izhikov (Jira)" <ji...@apache.org> on 2021/12/06 08:32:00 UTC

[jira] [Updated] (IGNITE-15969) Enabling authentication requires the client node to enable persistence in the configuration

     [ https://issues.apache.org/jira/browse/IGNITE-15969?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nikolay Izhikov updated IGNITE-15969:
-------------------------------------
    Labels: ise newbie  (was: newbie)

> Enabling authentication requires the client node to enable persistence in the configuration
> -------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-15969
>                 URL: https://issues.apache.org/jira/browse/IGNITE-15969
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.11
>            Reporter: Ilya Shishkov
>            Assignee: Ilya Shishkov
>            Priority: Minor
>              Labels: ise, newbie
>         Attachments: ClientNodeAuthFailureReproducer.patch
>
>
> When you start cluster with turned on built-in authentication it requires to enable persistence too [1].
> This requirement seems to be useless for client nodes, because they has no persistence, but without persistence client node would fail during start up with below error:
> {code:java}
> class org.apache.ignite.IgniteCheckedException: Authentication can be enabled only for cluster with enabled persistence. Check the DataRegionConfiguration
> 	at org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor.startProcessor(IgniteAuthenticationProcessor.java:166)
> 	at org.apache.ignite.internal.IgniteKernal.start(IgniteKernal.java:1259)
> 	at org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.start0(IgnitionEx.java:2141)
> 	at org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.start(IgnitionEx.java:1787)
> 	at org.apache.ignite.internal.IgnitionEx.start0(IgnitionEx.java:1172)
> 	at org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:642)
> {code}
> Reproducer: [^ClientNodeAuthFailureReproducer.patch] 
> It slightly modifies AuthenticationConfigurationClusterTest an it leads to failure of tests: the existing #testClientNodeJoinDisabled and added in the patch #testEnabledAuthenticationOnClientNode.
> It seems that here [2] we should add check whether starting up node is client or not:
> {code:java}
>     /** Starts processor. */
>     public void startProcessor() throws IgniteCheckedException {
>         if (!GridCacheUtils.isPersistenceEnabled(ctx.config())) { // here client node fails
>             throw new IgniteCheckedException("Authentication can be enabled only for cluster with enabled persistence."
>                 + " Check the DataRegionConfiguration");
>         }
> {code}
> Links:
>  # [https://ignite.apache.org/docs/latest/security/authentication]
>  # [https://github.com/apache/ignite/blob/master/modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java#L165]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)