Hi Ilya,
Thank you for you tip, but push(), pop() is in master code. I'm using stable
version 2.7.0 and i'm getting the same error. My new code is:
public SecurityContext authenticate(AuthenticationContext
authenticationContext) throws IgniteCheckedException {
if (authenticationContext.credentials().getLogin()==null) {
System.out.println("Usuario: null is not Authorizated to Connect");
return null;
}
System.out.println("subjectId: " +
authenticationContext.subjectId().toString());
SecurityPluginSecuritySubject securityPluginSecuritySubject = new
SecurityPluginSecuritySubject(
authenticationContext.subjectId(),
authenticationContext.subjectType(),
authenticationContext.credentials().getLogin(),
authenticationContext.address()
);
SecurityContext securityContext = new
SecurityPluginSecurityContext(securityPluginSecuritySubject);
SecurityContextHolder.set(securityContext);
return securityContext;
}
public void authorize(String s, SecurityPermission securityPermission,
@Nullable SecurityContext securityContext) throws SecurityException {
if (securityContext==null) {
if (SecurityContextHolder.get().subject().login().equals("test-user")) {
System.out.println("You can entry");
} else {
throw new SecurityException("You cannot entry");
}
}
}
And the error message in ignite node is:
[14:21:27,829][SEVERE][client-connector-#48][ClientListenerNioListener] Failed
to process client request
[req=o.a.i.i.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest@af561fe]
java.lang.NullPointerException
at
org.serhermar.ignite.security.SecurityPluginProcessor.authorize(SecurityPluginProcessor.java:74)
at
org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheCreate(GridCacheProcessor.java:3738)
at
org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheChange(GridCacheProcessor.java:3756)
at
org.apache.ignite.internal.processors.cache.GridCacheProcessor.initiateCacheChanges(GridCacheProcessor.java:3665)
at
org.apache.ignite.internal.processors.cache.GridCacheProcessor.lambda$dynamicStartCache$0(GridCacheProcessor.java:3232)
at
org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3245)
at
org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3153)
at org.apache.ignite.internal.IgniteKernal.createCache(IgniteKernal.java:2922)
at
org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.lambda$process$0(ClientCacheCreateWithConfigurationRequest.java:57)
at
org.apache.ignite.internal.processors.platform.client.ClientRequest.runWithSecurityExceptionHandler(ClientRequest.java:70)
at
org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.process(ClientCacheCreateWithConfigurationRequest.java:57)
at
org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.handle(ClientRequestHandler.java:57)
at
org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:162)
at
org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:45)
at
org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
at
org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
at
org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
at
org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
SecurityContextHolder.get().subject().login() is null.
Thanks you!
________________________________
De: Ilya Kasnacheev <ilya.kasnach...@gmail.com>
Enviado: jueves, 14 de febrero de 2019 17:11
Para: user@ignite.apache.org
Asunto: Re: Authorization Plugin
Hello!
Please refer to SecurityContextHolder - get(), push(), pop().
When getting null you can just do SecurityContextHolder.get().
Regards,
--
Ilya Kasnacheev
пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez
<serher...@hotmail.com<mailto:serher...@hotmail.com>>:
hi everyone,
I'm developing my own authorization plugin. I've arrived to a point that i'm
blocked.
My code is:
public void authorize(String s, SecurityPermission securityPermission,
@Nullable SecurityContext securityContext) throws SecurityException {
if (securityContext.subject().login().equals("test-user")) {
System.out.println("You can entry");
} else {
System.out.println("You cannot entry");
}
}
I have a problem, always securityContext is null. But in my code i have:
public SecurityContext authenticate(AuthenticationContext
authenticationContext) throws IgniteCheckedException {
SecurityPluginSecuritySubject securityPluginSecuritySubject = new
SecurityPluginSecuritySubject(
authenticationContext.subjectId(),
authenticationContext.subjectType(),
authenticationContext.credentials().getLogin(),
authenticationContext.address()
);
return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}
In ignite code
(https://github.com/apache/ignite/blob/master/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java)
i've saw:
/**
* @param op Operation to check.
* @throws SecurityException If security check failed.
*/
public void checkSecurity(SecurityPermission op) throws SecurityException {
if (CU.isSystemCache(name()))
return;
ctx.security().authorize(name(), op, null);
}
In security context always is null. Why? Am I missing something in my code?
Thank's for your help.
