Re: Cannot activate Ignite with custom security plugin
Oh, you are right. It looks already fixed. On Tue, Oct 24, 2017 at 9:12 PM, calebswrote: > I just checked out ignite-2.3 branch, and I'm gladly surprised to see the > following two cases are already included in the GridRestProcessor.authorize > method. > > case CLUSTER_ACTIVE: > case CLUSTER_INACTIVE: > > > > -- > Sent from: http://apache-ignite-users.70518.x6.nabble.com/ > -- Best regards, Andrey V. Mashenkov
Re: Cannot activate Ignite with custom security plugin
I just checked out ignite-2.3 branch, and I'm gladly surprised to see the following two cases are already included in the GridRestProcessor.authorize method. case CLUSTER_ACTIVE: case CLUSTER_INACTIVE: -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: Cannot activate Ignite with custom security plugin
Hi, Looks like a bug, GridRestProcessor doesn't supports CLUSTER_ACTIVE command. However, command is present in rest command list (see enum GridRestCommand code). I've created a ticket for this [1] [1] https://issues.apache.org/jira/browse/IGNITE-6741 On Tue, Oct 24, 2017 at 5:22 PM, calebswrote: > Version: Ignite 2.2. > > Partial Ignite Config: > > class="org.apache.ignite.configuration.IgniteConfiguration"> > > > > class="org.apache.ignite.configuration.PersistentStoreConfiguration"> > value="/tmp/ignite/work"/> > > > > > A jar that contains our custom security plugin for the security named > ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs > folder. > > Run ignite.sh to start the single data node and see > ACSSecurityProcessor.start method is called. > > 10-23 20:46:16.567 [main ] INFO > apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in > 'sysMemPlc' memoryPolicy: ['ignite-sys-cache']] > 10-23 20:46:16.601 [main ] INFO > apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can > be found at: /opt/ignite/libs/licenses > 10-23 20:46:16.663 [main ] INFO > internal.processors.plugin.IgnitePluginProcessor - Configured plugins: > 10-23 20:46:16.664 [main ] INFO > internal.processors.plugin.IgnitePluginProcessor - ^-- ACSPluginProvider > 1.0.0 > 10-23 20:46:16.664 [main ] INFO > internal.processors.plugin.IgnitePluginProcessor - ^-- MaxPoint > 10-23 20:46:16.664 [main ] INFO > internal.processors.plugin.IgnitePluginProcessor - > 10-23 20:46:16.673 [main ] INFO platform.auth.ignite.ACSSecurityProcessor > - > start > 10-23 20:46:16.726 [main ] INFO spi.communication.tcp.TcpCommunicationSpi > - > Successfully bound communication NIO server to TCP port [port=47100, > locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, > pairedConn=false] > > Then run control.sh to activate > > /opt/ignite$ control.sh --port 11211 --activate > Oct 23, 2017 8:48:29 PM > org.apache.ignite.internal.client.impl.connection. > GridClientNioTcpConnection > > INFO: Client TCP connection established: /127.0.0.1:11211 > Oct 23, 2017 8:48:30 PM > org.apache.ignite.internal.client.impl.GridClientImpl > INFO: Client started [id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, > protocol=TCP] > > Then, I see ACSSecurityProcessor.authenticate is called, but then followed > by Unexpected command: CLUSTER_ACTIVE exception. > > 10-23 20:48:29.688 [rest-#46%cdev_cluster%] INFO > platform.auth.ignite.ACSSecurityProcessor - authenticate: > id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, login=null > 10-23 20:48:30.051 [rest-#47%cdev_cluster%] ERROR > internal.processors.rest.GridRestProcessor - Client request execution > failed > with error. > java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE > at > org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize( > GridRestProcessor.java:817) > at > org.apache.ignite.internal.processors.rest.GridRestProcessor. > handleRequest(GridRestProcessor.java:250) > at > org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100( > GridRestProcessor.java:91) > at > org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body( > GridRestProcessor.java:157) > at > org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110) > at > java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > 10-23 20:48:30.056 [rest-#47%cdev_cluster%] ERROR > internal.processors.rest.GridRestProcessor - Runtime error caught during > grid runnable execution: GridWorker [name=rest-proc-worker, > igniteInstanceName=cdev_cluster, finished=false, hashCode=328132029, > interrupted=false, runner=rest-#47%cdev_cluster%] > java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE > at > org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize( > GridRestProcessor.java:817) > at > org.apache.ignite.internal.processors.rest.GridRestProcessor. > handleRequest(GridRestProcessor.java:250) > at > org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100( > GridRestProcessor.java:91) > at > org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body( > GridRestProcessor.java:157) > at > org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110) > at > java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > > As I examine the source code of GridRestProcessor at line 817 > > /** > * @param req REST request. > * @param sCtx
Cannot activate Ignite with custom security plugin
Version: Ignite 2.2. Partial Ignite Config: A jar that contains our custom security plugin for the security named ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs folder. Run ignite.sh to start the single data node and see ACSSecurityProcessor.start method is called. 10-23 20:46:16.567 [main ] INFO apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in 'sysMemPlc' memoryPolicy: ['ignite-sys-cache']] 10-23 20:46:16.601 [main ] INFO apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can be found at: /opt/ignite/libs/licenses 10-23 20:46:16.663 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - Configured plugins: 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - ^-- ACSPluginProvider 1.0.0 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - ^-- MaxPoint 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - 10-23 20:46:16.673 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - start 10-23 20:46:16.726 [main ] INFO spi.communication.tcp.TcpCommunicationSpi - Successfully bound communication NIO server to TCP port [port=47100, locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, pairedConn=false] Then run control.sh to activate /opt/ignite$ control.sh --port 11211 --activate Oct 23, 2017 8:48:29 PM org.apache.ignite.internal.client.impl.connection.GridClientNioTcpConnection INFO: Client TCP connection established: /127.0.0.1:11211 Oct 23, 2017 8:48:30 PM org.apache.ignite.internal.client.impl.GridClientImpl INFO: Client started [id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, protocol=TCP] Then, I see ACSSecurityProcessor.authenticate is called, but then followed by Unexpected command: CLUSTER_ACTIVE exception. 10-23 20:48:29.688 [rest-#46%cdev_cluster%] INFO platform.auth.ignite.ACSSecurityProcessor - authenticate: id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, login=null 10-23 20:48:30.051 [rest-#47%cdev_cluster%] ERROR internal.processors.rest.GridRestProcessor - Client request execution failed with error. java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE at org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817) at org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250) at org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91) at org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157) at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 10-23 20:48:30.056 [rest-#47%cdev_cluster%] ERROR internal.processors.rest.GridRestProcessor - Runtime error caught during grid runnable execution: GridWorker [name=rest-proc-worker, igniteInstanceName=cdev_cluster, finished=false, hashCode=328132029, interrupted=false, runner=rest-#47%cdev_cluster%] java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE at org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817) at org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250) at org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91) at org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157) at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) As I examine the source code of GridRestProcessor at line 817 /** * @param req REST request. * @param sCtx Security context. * @throws SecurityException If authorization failed. */ private void authorize(GridRestRequest req, SecurityContext sCtx) throws SecurityException { SecurityPermission perm = null; String name = null; switch (req.command()) { case CACHE_GET: case CACHE_CONTAINS_KEY: case CACHE_CONTAINS_KEYS: case NAME: case LOG: break; default: throw new AssertionError("Unexpected command: " + req.command()); <- line 817 } if (perm != null) ctx.security().authorize(name, perm, sCtx); } So, why command