Re: Authorization Plugin

Mon, 18 Feb 2019 03:19:17 -0800 

Hello!

I guess you will have to fill this context yourself for calls which supply
null as context. Then maybe put it in holder.

Regards,
-- 
Ilya Kasnacheev


сб, 16 февр. 2019 г. в 16:28, Sergio Hernández Martínez <
[email protected]>:

> Hi Ilya,
>
> Thank you for you tip, but push(), pop() is in master code. I'm using
> stable version 2.7.0 and i'm getting the same error. My new code is:
>
> public SecurityContext authenticate(AuthenticationContext
> authenticationContext) throws IgniteCheckedException {
>
>     if (authenticationContext.credentials().getLogin()==null) {
>         System.out.println("Usuario: null is not Authorizated to Connect");
>         return null;
>     }
>
>     System.out.println("subjectId: " +
> authenticationContext.subjectId().toString());
>
>     SecurityPluginSecuritySubject securityPluginSecuritySubject = new
> SecurityPluginSecuritySubject(
>             authenticationContext.subjectId(),
>             authenticationContext.subjectType(),
>             authenticationContext.credentials().getLogin(),
>             authenticationContext.address()
>     );
>
>     SecurityContext securityContext = new
> SecurityPluginSecurityContext(securityPluginSecuritySubject);
>
>     SecurityContextHolder.set(securityContext);
>
>     return securityContext;
> }
>
> public void authorize(String s, SecurityPermission securityPermission,
> @Nullable SecurityContext securityContext) throws SecurityException {
>     if (securityContext==null) {
>         if
> (SecurityContextHolder.get().subject().login().equals("test-user")) {
>             System.out.println("You can entry");
>         } else {
>             throw new SecurityException("You cannot entry");
>         }
>     }
> }
>
> And the error message in ignite node is:
>
> [14:21:27,829][SEVERE][client-connector-#48][ClientListenerNioListener]
> Failed to process client request
> [req=o.a.i.i.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest@af561fe
> ]
> java.lang.NullPointerException
> at
> org.serhermar.ignite.security.SecurityPluginProcessor.authorize(SecurityPluginProcessor.java:74)
> at
> org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheCreate(GridCacheProcessor.java:3738)
> at
> org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheChange(GridCacheProcessor.java:3756)
> at
> org.apache.ignite.internal.processors.cache.GridCacheProcessor.initiateCacheChanges(GridCacheProcessor.java:3665)
> at
> org.apache.ignite.internal.processors.cache.GridCacheProcessor.lambda$dynamicStartCache$0(GridCacheProcessor.java:3232)
> at
> org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3245)
> at
> org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3153)
> at
> org.apache.ignite.internal.IgniteKernal.createCache(IgniteKernal.java:2922)
> at
> org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.lambda$process$0(ClientCacheCreateWithConfigurationRequest.java:57)
> at
> org.apache.ignite.internal.processors.platform.client.ClientRequest.runWithSecurityExceptionHandler(ClientRequest.java:70)
> at
> org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.process(ClientCacheCreateWithConfigurationRequest.java:57)
> at
> org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.handle(ClientRequestHandler.java:57)
> at
> org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:162)
> at
> org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:45)
> at
> org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
> at
> org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
> at
> org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
> at
> org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
> at
> org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
>
> SecurityContextHolder.get().subject().login() is null.
>
> Thanks you!
>
>
> ------------------------------
> *De:* Ilya Kasnacheev <[email protected]>
> *Enviado:* jueves, 14 de febrero de 2019 17:11
> *Para:* [email protected]
> *Asunto:* Re: Authorization Plugin
>
> Hello!
>
> Please refer to SecurityContextHolder - get(), push(), pop().
>
> When getting null you can just do SecurityContextHolder.get().
>
> Regards,
> --
> Ilya Kasnacheev
>
>
> пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez <
> [email protected]>:
>
> hi everyone,
>
> I'm developing my own authorization plugin. I've arrived to a point that
> i'm blocked.
>
> My code is:
>
> public void authorize(String s, SecurityPermission securityPermission,
> @Nullable SecurityContext securityContext) throws SecurityException {
>         if (securityContext.subject().login().equals("test-user")) {
>             System.out.println("You can entry");
>         } else {
>             System.out.println("You cannot entry");
>         }
>     }
>
> I have a problem, always securityContext is null. But in my code i have:
>
> public SecurityContext authenticate(AuthenticationContext
> authenticationContext) throws IgniteCheckedException {
>         SecurityPluginSecuritySubject securityPluginSecuritySubject = new
> SecurityPluginSecuritySubject(
>                 authenticationContext.subjectId(),
>                 authenticationContext.subjectType(),
>                 authenticationContext.credentials().getLogin(),
>                 authenticationContext.address()
>         );
>
>         return new
> SecurityPluginSecurityContext(securityPluginSecuritySubject);
> }
>
> In ignite code (
> https://github.com/apache/ignite/blob/master/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java)
> i've saw:
>
>
>  /**
>      * @param op Operation to check.
>      * @throws SecurityException If security check failed.
>      */
>     public void checkSecurity(SecurityPermission op) throws
> SecurityException {
>         if (CU.isSystemCache(name()))
>             return;
>
>         ctx.security().authorize(name(), op, null);
>     }
>
> In security context always is null. Why? Am I missing something in my code?
>
> Thank's for your help.
>
>

Reply via email to