Re: Cannot activate Ignite with custom security plugin

2017-10-25 Thread Andrey Mashenkov
Oh, you are right.
It looks already fixed.

On Tue, Oct 24, 2017 at 9:12 PM, calebs wrote:

> I just checked out ignite-2.3 branch, and I'm gladly surprised to see the
> following two cases are already included in the GridRestProcessor.authorize
> method.
>
> case CLUSTER_ACTIVE:
> case CLUSTER_INACTIVE:
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>



-- 
Best regards,
Andrey V. Mashenkov


Re: Cannot activate Ignite with custom security plugin

2017-10-24 Thread calebs
I just checked out ignite-2.3 branch, and I'm gladly surprised to see the
following two cases are already included in the GridRestProcessor.authorize
method.

case CLUSTER_ACTIVE:
case CLUSTER_INACTIVE: 





Re: Cannot activate Ignite with custom security plugin

2017-10-24 Thread Andrey Mashenkov
Hi,

Looks like a bug, GridRestProcessor doesn't support the CLUSTER_ACTIVE
command.
However, the command is present in the REST command list (see enum GridRestCommand
code).


I've created a ticket for this [1]


[1] https://issues.apache.org/jira/browse/IGNITE-6741

On Tue, Oct 24, 2017 at 5:22 PM, calebs wrote:

> Version: Ignite 2.2.
>
> Partial Ignite Config:
>
>  class="org.apache.ignite.configuration.IgniteConfiguration">
>
>
>
> class="org.apache.ignite.configuration.PersistentStoreConfiguration">
>  value="/tmp/ignite/work"/>
>
>
> 
>
> A jar that contains our custom security plugin for the security named
> ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs
> folder.
>
> Run ignite.sh to start the single data node and see
> ACSSecurityProcessor.start method is called.
>
> 10-23 20:46:16.567 [main ] INFO  apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in 'sysMemPlc' memoryPolicy: ['ignite-sys-cache']]
> 10-23 20:46:16.601 [main ] INFO  apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can be found at: /opt/ignite/libs/licenses
> 10-23 20:46:16.663 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor - Configured plugins:
> 10-23 20:46:16.664 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor -   ^-- ACSPluginProvider 1.0.0
> 10-23 20:46:16.664 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor -   ^-- MaxPoint
> 10-23 20:46:16.664 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor -
> 10-23 20:46:16.673 [main ] INFO  platform.auth.ignite.ACSSecurityProcessor - start
> 10-23 20:46:16.726 [main ] INFO  spi.communication.tcp.TcpCommunicationSpi - Successfully bound communication NIO server to TCP port [port=47100, locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, pairedConn=false]
>
> Then run control.sh to activate
>
> /opt/ignite$ control.sh --port 11211 --activate
> Oct 23, 2017 8:48:29 PM org.apache.ignite.internal.client.impl.connection.GridClientNioTcpConnection
> INFO: Client TCP connection established: /127.0.0.1:11211
> Oct 23, 2017 8:48:30 PM org.apache.ignite.internal.client.impl.GridClientImpl
> INFO: Client started [id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, protocol=TCP]
>
> Then, I see ACSSecurityProcessor.authenticate is called, but then followed
> by Unexpected command: CLUSTER_ACTIVE exception.
>
> 10-23 20:48:29.688 [rest-#46%cdev_cluster%] INFO  platform.auth.ignite.ACSSecurityProcessor - authenticate: id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, login=null
> 10-23 20:48:30.051 [rest-#47%cdev_cluster%] ERROR internal.processors.rest.GridRestProcessor - Client request execution failed with error.
> java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817)
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250)
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91)
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157)
>     at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at java.lang.Thread.run(Thread.java:745)
> 10-23 20:48:30.056 [rest-#47%cdev_cluster%] ERROR internal.processors.rest.GridRestProcessor - Runtime error caught during grid runnable execution: GridWorker [name=rest-proc-worker, igniteInstanceName=cdev_cluster, finished=false, hashCode=328132029, interrupted=false, runner=rest-#47%cdev_cluster%]
> java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817)
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250)
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91)
>     at org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157)
>     at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at java.lang.Thread.run(Thread.java:745)
>
> As I examine the source code of GridRestProcessor at line 817
>
> /**
>  * @param req REST request.
>  * @param sCtx 

Cannot activate Ignite with custom security plugin

2017-10-24 Thread calebs
Version: Ignite 2.2.

Partial Ignite Config:


   
   
   
   

   
   


A jar that contains our custom security plugin for the security named
ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs
folder.

Run ignite.sh to start the single data node and see
ACSSecurityProcessor.start method is called.

10-23 20:46:16.567 [main ] INFO  apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in 'sysMemPlc' memoryPolicy: ['ignite-sys-cache']]
10-23 20:46:16.601 [main ] INFO  apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can be found at: /opt/ignite/libs/licenses
10-23 20:46:16.663 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor - Configured plugins:
10-23 20:46:16.664 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor -   ^-- ACSPluginProvider 1.0.0
10-23 20:46:16.664 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor -   ^-- MaxPoint
10-23 20:46:16.664 [main ] INFO  internal.processors.plugin.IgnitePluginProcessor -
10-23 20:46:16.673 [main ] INFO  platform.auth.ignite.ACSSecurityProcessor - start
10-23 20:46:16.726 [main ] INFO  spi.communication.tcp.TcpCommunicationSpi - Successfully bound communication NIO server to TCP port [port=47100, locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, pairedConn=false]

Then run control.sh to activate

/opt/ignite$ control.sh --port 11211 --activate
Oct 23, 2017 8:48:29 PM org.apache.ignite.internal.client.impl.connection.GridClientNioTcpConnection
INFO: Client TCP connection established: /127.0.0.1:11211
Oct 23, 2017 8:48:30 PM org.apache.ignite.internal.client.impl.GridClientImpl
INFO: Client started [id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, protocol=TCP]

Then, I see ACSSecurityProcessor.authenticate is called, but then followed
by Unexpected command: CLUSTER_ACTIVE exception.

10-23 20:48:29.688 [rest-#46%cdev_cluster%] INFO  platform.auth.ignite.ACSSecurityProcessor - authenticate: id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, login=null
10-23 20:48:30.051 [rest-#47%cdev_cluster%] ERROR internal.processors.rest.GridRestProcessor - Client request execution failed with error.
java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE
    at org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817)
    at org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250)
    at org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91)
    at org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157)
    at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
10-23 20:48:30.056 [rest-#47%cdev_cluster%] ERROR internal.processors.rest.GridRestProcessor - Runtime error caught during grid runnable execution: GridWorker [name=rest-proc-worker, igniteInstanceName=cdev_cluster, finished=false, hashCode=328132029, interrupted=false, runner=rest-#47%cdev_cluster%]
java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE
    at org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817)
    at org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250)
    at org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91)
    at org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157)
    at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

As I examine the source code of GridRestProcessor at line 817

/**
 * @param req REST request.
 * @param sCtx Security context.
 * @throws SecurityException If authorization failed.
 */
private void authorize(GridRestRequest req, SecurityContext sCtx) throws SecurityException {
    SecurityPermission perm = null;
    String name = null;

    switch (req.command()) {
        case CACHE_GET:
        case CACHE_CONTAINS_KEY:
        case CACHE_CONTAINS_KEYS:

        case NAME:
        case LOG:
            break;

        default:
            throw new AssertionError("Unexpected command: " + req.command());   // <- line 817
    }

    if (perm != null)
        ctx.security().authorize(name, perm, sCtx);
}

So, why command
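
Added example, not part of the original thread and not Ignite code: the failure discussed above comes from a command that exists in the command enum but has no branch in the authorization switch. The sketch below uses hypothetical `Command` and `Permission` enums and `java.lang.SecurityException` to show a table-driven check that reports unmapped commands up front and denies them with a security error instead of an AssertionError.

```java
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class AuthorizeCoverage {
    // Hypothetical stand-ins for a REST command enum and a permission enum.
    enum Command { CACHE_GET, CACHE_PUT, NAME, LOG, CLUSTER_ACTIVE, CLUSTER_INACTIVE }
    enum Permission { CACHE_READ, CACHE_PUT }

    // Every command must have an entry; Optional.empty() means "no permission needed".
    static final Map<Command, Optional<Permission>> REQUIRED = new EnumMap<>(Command.class);
    static {
        REQUIRED.put(Command.CACHE_GET, Optional.of(Permission.CACHE_READ));
        REQUIRED.put(Command.CACHE_PUT, Optional.of(Permission.CACHE_PUT));
        REQUIRED.put(Command.NAME, Optional.empty());
        REQUIRED.put(Command.LOG, Optional.empty());
        // CLUSTER_ACTIVE and CLUSTER_INACTIVE are left out on purpose to reproduce the gap.
    }

    /** Commands declared in the enum but missing from the authorization table. */
    static Set<Command> unmappedCommands() {
        Set<Command> missing = EnumSet.allOf(Command.class);
        missing.removeAll(REQUIRED.keySet());
        return missing;
    }

    /** Fails closed: an unmapped command is denied with SecurityException, not AssertionError. */
    static void authorize(Command cmd, Set<Permission> granted) {
        Optional<Permission> need = REQUIRED.get(cmd);
        if (need == null)
            throw new SecurityException("No authorization rule for command: " + cmd);
        if (need.isPresent() && !granted.contains(need.get()))
            throw new SecurityException("Missing permission " + need.get() + " for " + cmd);
    }

    public static void main(String[] args) {
        // A unit test or start-up check on this set would fail until the table is complete.
        System.out.println("Unmapped commands: " + unmappedCommands());
        authorize(Command.CACHE_GET, EnumSet.of(Permission.CACHE_READ)); // permitted
        try {
            authorize(Command.CLUSTER_ACTIVE, EnumSet.allOf(Permission.class));
        } catch (SecurityException e) {
            System.out.println("Denied: " + e.getMessage());
        }
    }
}
```

Running `unmappedCommands()` from a unit test turns a newly added enum constant without an authorization rule into a build failure rather than a runtime error in the request worker.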