Hi,
I have implemented the grid security processor and setting the
securityconext holder in the authenticate function as below,
public class MySecurityProcessor extends GridProcessorAdapter implements
DiscoverySpiNodeAuthenticator, GridSecurityProcessor, IgnitePlugin
{
................
public SecurityContext authenticate(AuthenticationContext
authenticationContext) throws IgniteCheckedException
{
SecuritySubject secureSecuritySubject = new SecuritySubject(
authenticationContext.subjectId(),
authenticationContext.subjectType(),
authenticationContext.credentials().getLogin(),
authenticationContext.address()
);
SecurityContext securityContext = new
MySecurityContext(secureSecuritySubject, accessToken);
SecurityContextHolder.set(securityContext);
return securityContext;
}
public void authorize(String name, SecurityPermission perm, SecurityContext
securityCtx) throws SecurityException {
System.out.println( SecurityContextHolder.get());
System.out.println( securityCtx );
//do some authorization
.....................
}
public boolean isGlobalNodeAuthentication() {
// TODO Auto-generated method stub
return false;
}
..............
}
In plugin provider i am creating the component : GridSecurityProcessor.
During Rest api call:
-> when rest call is made authorise function in the security processor is
getting called twice one by the GridRestProcessor and another
GridCacheProcessor, is it mandatory to call that twice? When authorise
function is called by the GridRestProcessor security context is available
but when the GridCacheProcessor is called security context is coming as
null always. Hence the security context is not available in the authorise
function. So i used the SecurityContextHolder.get() to get the security
context.
But for some of the commands SecurityContextHolder.get() is not working
like prepend and append.
-> When cache create and cache destroy is made, authorise function is
receiving the name as NULL. Why is it so? Because based on the name i am
trying to validate wheather the user is allowed to perform this action
During Sqlline access:
-> authorise function receive the security context as NULL always . So used
the SecurityContextHolder.get() , but still getting NULL. How do i get the
context?
-> While performing create table and drop table, the authorise function
is receiving the name as NULL.
One last question: when the security context is null(during rest call or
sqlline access), can we use the local node context in the authorise
function?
Regards
Radha
