Re: custom plugin question - jdbc client
Hi Taras I am slightly confused. You are mentioning sslcontext and looking at those related classes it doesn't appear to offer authentication and authorization. Here is where i currently am with this project. I have a white list plugin that i will apply to server nodes when they join. I have yet to implement a check to see if the node is a client or a server so my assumption at this point is all nodes (clients and servers) will be validated against the white list. The next step is to add user authentication (not the ignite built-in version) and also authorization to lock down what users can access and do. my current additional classes are: WhiteListPluginConfiguration implements PluginConfiguration WhiteListPluginProvider implements PluginProvider WhiteListSecurityProcessor implements DiscoverySpiNodeAuthenticator, GridSecurityProcessor, IgnitePlugin Can you please advise on my next steps such as: 1) what classes i need to override and implement for authentication and authorization 2) do i need a new plugin or can i extend the one i have written 3) once i have implemented the new classes, where to i override to call into them 4) do i need to change the code in the odbc and jdbc code base to include my authentication and authorization My goal here is to be able to 1) prevent a vanilla client from connecting without implementing my security 2) enforce odbc and jdbc and java\.net clients authentication and authorization I really appreciate any guidance here as there is no documentation to support doing this. Thanks Wayne -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: custom plugin question - jdbc client
Hi, You are absolutely right. In case you use thin JDBC driver (recommended): 1. You have to define SSLContext factory for client connector for Ignite node [1] 2. And setup SSL socket factory for Ignite thin JDBC driver [2] If you are going to use JDBCv2 driver please keep in mind that the JDBCv2 driver starts the Ignite client node to connect to Ignite cluster and read the documentation [3] [1] org.apache.ignite.configuration.ClientConnectorConfiguration#setSslContextFactory (https://ignite.apache.org/releases/latest/javadoc/org/apache/ignite/configuration/ClientConnectorConfiguration.html) [2] See `sslFactory` property: https://apacheignite-sql.readme.io/docs/jdbc-driver#jdbc-thin-driver [3] https://apacheignite-sql.readme.io/docs/jdbc-client-driver On 28.08.2018 12:39, wt wrote: i have finally managed to get a plugin working for a white list on ignite 2.6. I am now going to start working on an authorization for users connecting to the cluster. How can i get clients pass through a kerberos ticket to the cluster? I think i need to override the authorization context class but that would mean that i need to do it both on the server and the clients for odbc\jdbc etc. -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/ -- Taras Ledkov Mail-To: tled...@gridgain.com
custom plugin question - jdbc client
i have finally managed to get a plugin working for a white list on ignite 2.6. I am now going to start working on an authorization for users connecting to the cluster. How can i get clients pass through a kerberos ticket to the cluster? I think i need to override the authorization context class but that would mean that i need to do it both on the server and the clients for odbc\jdbc etc. -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/