Hi Sankar,
What Andei said is correct. We need to return a security subject. I faced
this problem and solved it like this :
*1. Create your own SecurityPermissionSet class that implements
org.apache.ignite.plugin.security.SecurityPermissionSet .*
/public class TestSecurityPermissionSet implements SecurityPermissionSet,
Serializable {
private boolean defaultAllowAll;
private Map<String, Collection<SecurityPermission>> taskPermissions;
private Map<String, Collection<SecurityPermission>> cachePermissions;
private Map<String, Collection<SecurityPermission>>
servicePermissions;
private Collection<SecurityPermission> systemPermissions;
public TestSecurityPermissionSet(boolean defaultAllowAll, Map<String,
Collection<SecurityPermission>> taskPermissions, Map<String,
Collection<SecurityPermission>> cachePermissions, Map<String,
Collection<SecurityPermission>> servicePermissions,
Collection<SecurityPermission> systemPermissions) {
this.defaultAllowAll = defaultAllowAll;
this.taskPermissions = taskPermissions;
this.cachePermissions = cachePermissions;
this.servicePermissions = servicePermissions;
this.systemPermissions = systemPermissions;
}
public boolean defaultAllowAll() {
return defaultAllowAll;
}
public Map<String, Collection<SecurityPermission>> taskPermissions()
{
return taskPermissions;
}
public Map<String, Collection<SecurityPermission>> cachePermissions()
{
return cachePermissions;
}
public Map<String, Collection<SecurityPermission>>
servicePermissions() {
return servicePermissions;
}
@Nullable
public Collection<SecurityPermission> systemPermissions() {
return systemPermissions;
}
}/
*2. Create your own security subject (say TestSecuritySubject) class that
implements org.apache.ignite.plugin.security.SecuritySubject.*
/public class TestSecuritySubject implements SecuritySubject, Serializable
{
private SecuritySubjectType subjectType;
private UUID uuid;
private Object login;
private TestSecurityPermissionSet securityPermissionSet;
public TestSecuritySubject(SecuritySubjectType subjectType, UUID uuid,
Object login, TestSecurityPermissionSet securityPermissionSet) {
this.subjectType = subjectType;
this.uuid = uuid;
this.login = login;
this.securityPermissionSet = securityPermissionSet;
}
public UUID id() {
return uuid;
}
public SecuritySubjectType type() {
return subjectType;
}
public Object login() {
return login;
}
public InetSocketAddress address() {
return null;
}
public TestSecurityPermissionSet permissions() {
return securityPermissionSet;
}
}/
*3. Create your own security context class that implements
org.apache.ignite.internal.processors.security.SecurityContext , with a
TestSecuritySubject field in the class.*
/public class TestSecurityContext implements SecurityContext, Serializable {
private TestSecuritySubject securitySubject;
public TestSecurityContext(TestSecuritySubject securitySubject) {
this.securitySubject = securitySubject;
}
public SecuritySubject subject() {
return securitySubject;
}
public boolean taskOperationAllowed(String taskClsName,
SecurityPermission perm) {
//Check if the security subject task permissions contain the given
taskClsName and given perm and return true/false accordingly
}
public boolean cacheOperationAllowed(String cacheName,
SecurityPermission perm) {
//Check if the security subject cache permissions contain the given
cacheName and given perm and return true/false accordingly
}
public boolean serviceOperationAllowed(String srvcName,
SecurityPermission perm) {
//Check if the security subject service permissions contain the given
srvcName and given perm and return true/false accordingly
}
public boolean systemOperationAllowed(SecurityPermission perm) {
//Check if the security subject system permissions contain the given
perm and return true/false accordingly
}
}/
*4. In the authenticateNode method, create an instance of your
SecuritySubject and set it in your SecurityContext instance and return it*.
/public SecurityContext authenticateNode(ClusterNode node,
SecurityCredentials cred) throws IgniteCheckedException {
TestSecurityPermissionSet permissionSet = new
TestSecurityPermissionSet(true, null, null, null, null);
TestSecuritySubject securitySubject = new
TestSecuritySubject(SecuritySubjectType.REMOTE_NODE, node.id(), "",
permissionSet);
return new TestSecurityContext(securitySubject);
}/
*In the above snippet, I gave
TestSecurityPermissionSet(true,null,null,null,null) ==> That is default
allow all is true. This way, you returned a security context with proper
subject and proper permissions.*
Let me know if you need more clarification.
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/