RemusS

Reputation: 1545

Authentication for Apache Ignite 2.5

I would like to implement authentication for all the nodes of the cluster (client and server should provide username and password to join the cluster). I tried to use the latest version, which the documentation claims provides authentication, but it doesn't implement it for all the nodes; it's just for the new thin Java client.

First question: is my understanding correct, or am I missing something?

I also tried to implement the authentication of all the nodes using the GridSecurityProcessor interface, as part of a custom plugin (by following this guide http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/ and other discussions on the public mailing list).

I got the plugin to be recognized by the server node, but I can't wire my implementation of the SecurityCredentialsProvider to Ignite; it seems Ignite doesn't use it. The question is similar to this one: http://apache-ignite-users.70518.x6.nabble.com/Custom-SecurityCredentialsProvider-and-SecurityCredentials-td16360.html.

As a consequence, when GridSecurityProcessor.authenticateNode(ClusterNode node, SecurityCredentials cred) is called, cred is null.

Second question: How to hook SecurityCredentialsProvider and SecurityCredentials to Ignite, so that it will call the authorizeNode method from my plugin, with these credentials?

Upvotes: 1

Views: 976

Answers (1)

RemusS

Reputation: 1545

I managed to implement authentication with using the plugin system recommended by the documentation. I followed these steps:

  1. Created a class that extends TcpDiscoverySpi and implements DiscoverySpiNodeAuthenticator. In it I pass the SecurityCredentials object as a constructor parameter.

```java
public CustomTcpDiscoverySpi(final SecurityCredentials securityCredentials) {
  this.securityCredentials = securityCredentials;
  this.setAuthenticator(this);
}
```

  2. In this class, I override setNodeAttributes from TcpDiscoverySpi to add the securityCredentials object like this:

```java
@Override
public void setNodeAttributes(final Map<String, Object> attrs, final IgniteProductVersion ver) {
  attrs.put(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, this.securityCredentials);
  super.setNodeAttributes(attrs, ver);
}
```

  3. I also implement the authenticateNode method, where I check the SecurityCredentials object of this class against the one received as a parameter of the authenticateNode method. This method returns an implementation of SecurityContext if authentication succeeded or null if not, so you need to implement it as you like. For example, to give full access with no authorization, just return true for all the *operationAllowed methods and return null in the subject() method.

  4. In IgniteConfiguration, use this class as discoverySpi: `cfg.setDiscoverySpi(customTcpDiscoverySpi);`

Upvotes: 2
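The four steps of the answer assembled into one class, as an added example that is not the answerer's own code. `AllowAllContext` and `same` are hypothetical names, and the constant-time comparison and the `Serializable` marker are assumptions added here rather than details taken from the answer.

```java
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.internal.IgniteNodeAttributes;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.lang.IgniteProductVersion;
import org.apache.ignite.plugin.security.*; // SecurityCredentials, SecurityPermission, SecuritySubject
import org.apache.ignite.spi.discovery.DiscoverySpiNodeAuthenticator;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;

public class CustomTcpDiscoverySpi extends TcpDiscoverySpi implements DiscoverySpiNodeAuthenticator {
    private final SecurityCredentials securityCredentials;

    public CustomTcpDiscoverySpi(final SecurityCredentials securityCredentials) {
        this.securityCredentials = securityCredentials;
        this.setAuthenticator(this);
    }
    @Override
    public void setNodeAttributes(final Map<String, Object> attrs, final IgniteProductVersion ver) {
        attrs.put(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, this.securityCredentials);
        super.setNodeAttributes(attrs, ver);
    }
    @Override
    public SecurityContext authenticateNode(final ClusterNode node, final SecurityCredentials cred) {
        // cred is null when the joining node put no credentials in its attributes: reject it.
        if (cred == null || !same(securityCredentials.getLogin(), cred.getLogin())
                || !same(securityCredentials.getPassword(), cred.getPassword()))
            return null; // null means authentication failed
        return new AllowAllContext();
    }
    @Override public boolean isGlobalNodeAuthentication() { return true; } // all nodes verify the joiner
    // Hypothetical helper: compares without an early exit on the first differing byte.
    private static boolean same(final Object a, final Object b) {
        return a != null && b != null && MessageDigest.isEqual(
                String.valueOf(a).getBytes(StandardCharsets.UTF_8),
                String.valueOf(b).getBytes(StandardCharsets.UTF_8));
    }
    // Hypothetical full-access context; Serializable because discovery sends it to the joining node.
    private static final class AllowAllContext implements SecurityContext, Serializable {
        @Override public SecuritySubject subject() { return null; }
        @Override public boolean taskOperationAllowed(String task, SecurityPermission perm) { return true; }
        @Override public boolean cacheOperationAllowed(String cache, SecurityPermission perm) { return true; }
        @Override public boolean serviceOperationAllowed(String svc, SecurityPermission perm) { return true; }
        @Override public boolean systemOperationAllowed(SecurityPermission perm) { return true; }
    }
}
```

The credentials travel inside the node attributes of the join request, so they are only protected on the wire when discovery traffic runs over TLS (for example via `IgniteConfiguration.setSslContextFactory`).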
