Hi Sankar,

What Andei said is correct. We need to return a security subject. I faced
this problem and solved it like this : 

*1. Create your own SecurityPermissionSet class that implements
org.apache.ignite.plugin.security.SecurityPermissionSet .*

/public class TestSecurityPermissionSet implements SecurityPermissionSet,
Serializable {
    private boolean defaultAllowAll;
    private Map<String, Collection&lt;SecurityPermission>> taskPermissions;
    private Map<String, Collection&lt;SecurityPermission>> cachePermissions;
    private Map<String, Collection&lt;SecurityPermission>>
servicePermissions;
    private Collection<SecurityPermission> systemPermissions;

    public TestSecurityPermissionSet(boolean defaultAllowAll, Map<String,
Collection&lt;SecurityPermission>> taskPermissions, Map<String,
Collection&lt;SecurityPermission>> cachePermissions, Map<String,
Collection&lt;SecurityPermission>> servicePermissions,
Collection<SecurityPermission> systemPermissions) {
        this.defaultAllowAll = defaultAllowAll;
        this.taskPermissions = taskPermissions;
        this.cachePermissions = cachePermissions;
        this.servicePermissions = servicePermissions;
        this.systemPermissions = systemPermissions;
    }

    public boolean defaultAllowAll() {
        return defaultAllowAll;
    }

    public Map<String, Collection&lt;SecurityPermission>> taskPermissions()
{
        return taskPermissions;
    }

    public Map<String, Collection&lt;SecurityPermission>> cachePermissions()
{
        return cachePermissions;
    }

    public Map<String, Collection&lt;SecurityPermission>>
servicePermissions() {
        return servicePermissions;
    }

    @Nullable
    public Collection<SecurityPermission> systemPermissions() {
        return systemPermissions;
    }
}/
*2. Create your own security subject (say TestSecuritySubject) class that
implements org.apache.ignite.plugin.security.SecuritySubject.*
 /public class TestSecuritySubject implements SecuritySubject, Serializable
{

    private SecuritySubjectType subjectType;
    private UUID uuid;
    private Object login;
    private TestSecurityPermissionSet securityPermissionSet;

    public TestSecuritySubject(SecuritySubjectType subjectType, UUID uuid,
Object login, TestSecurityPermissionSet securityPermissionSet) {
        this.subjectType = subjectType;
        this.uuid = uuid;
        this.login = login;
        this.securityPermissionSet = securityPermissionSet;
    }

    public UUID id() {
        return uuid;
    }

    public SecuritySubjectType type() {
        return subjectType;
    }

    public Object login() {
        return login;
    }

    public InetSocketAddress address() {
        return null;
    }

    public TestSecurityPermissionSet permissions() {
        return securityPermissionSet;
    }
}/
*3. Create your own security context class that implements
org.apache.ignite.internal.processors.security.SecurityContext , with a
TestSecuritySubject field in the class.*
/public class TestSecurityContext implements SecurityContext, Serializable {
    private TestSecuritySubject securitySubject;

    public TestSecurityContext(TestSecuritySubject securitySubject) {
        this.securitySubject = securitySubject;
    }

    public SecuritySubject subject() {
        return securitySubject;
    }

    public boolean taskOperationAllowed(String taskClsName,
SecurityPermission perm) {
        //Check if the security subject task permissions contain the given
taskClsName and given perm and return true/false accordingly
    }

    public boolean cacheOperationAllowed(String cacheName,
SecurityPermission perm) {
        //Check if the security subject cache permissions contain the given
cacheName and given perm and return true/false accordingly
        
    }

    public boolean serviceOperationAllowed(String srvcName,
SecurityPermission perm) {
       //Check if the security subject service permissions contain the given
srvcName and given perm and return true/false accordingly
    }

    public boolean systemOperationAllowed(SecurityPermission perm) {
        //Check if the security subject system permissions contain the given 
perm and return true/false accordingly
    }

   
}/

*4. In the authenticateNode method, create an instance of your
SecuritySubject and set it in your SecurityContext instance and return it*. 

/public SecurityContext authenticateNode(ClusterNode node,
SecurityCredentials cred) throws IgniteCheckedException {
 TestSecurityPermissionSet permissionSet = new
TestSecurityPermissionSet(true, null, null, null, null);
                
TestSecuritySubject securitySubject = new
TestSecuritySubject(SecuritySubjectType.REMOTE_NODE, node.id(), "",
permissionSet);

return new TestSecurityContext(securitySubject);

}/

*In the above snippet, I gave
TestSecurityPermissionSet(true,null,null,null,null) ==> That is default
allow all is true. This way, you returned a security context with proper
subject and proper permissions.*

Let me know if you need more clarification. 







--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Reply via email to