org.gridgain.grid.security.composite

Class CompositeAuthenticator<T extends Authenticator & AuthenticationValidator>

java.lang.Object

org.gridgain.grid.security.composite.CompositeAuthenticator<T>

All Implemented Interfaces:

LifecycleAware, AuthenticationValidator, Authenticator

public class CompositeAuthenticator<T extends Authenticator & AuthenticationValidator>
extends Object
implements Authenticator, AuthenticationValidator, LifecycleAware

Authenticator to combine two or more authenticators.

Description

This authenticator iterates on the authentication request through a list of authenticators in order until one provides a non-null response. A non-null response indicates the provider had authority to decide on the authentication request and no further authenticators are tried. If a subsequent authenticators successfully authenticates the request, the earlier authentication exception is disregarded and the successful authentication will be used. If no subsequent authenticators provides a null response, the last IgniteCheckedException received will be used.

Configuration

Mandatory

• List of authenticators (see setAuthenticators(Collection)

Optional

This authenticator has no optional parameters.

Java Example

 GridPasscodeAuthenticator passcodeAuth = new GridPasscodeAuthenticator();

 // Override authentication passcode.
 passcodeAuth.setAclProvider(new GridAuthenticationAclBasicProvider(
     F.asMap(userCred1, jsonSpec1, userCred2, jsonSpec2)));

 CertificateAuthenticator certificateAuth = new CertificateAuthenticator();
 certificateAuth.setPermissionsJson(
     F.asMap(new SubjectRegexPredicate("CN=client\\b.*"), "{defaultAllow:true}")
 );

 CompositeAuthenticator auth = new CompositeAuthenticator();

 auth.setAuthenticators(F.asList(passcodeAuth, certificateAuth));

 IgniteConfiguration cfg = new IgniteConfiguration();

 GridPluginConfiguration gCfg = new GridPluginConfiguration();

 // Override default authentication.
 gCfg.setAuthenticator(auth);

 cfg.setPluginConfigurations(gCfg);

 // Start grid.
 GridGain.start(cfg);
 

Spring Example

GridPasscodeAuthenticator can be configured from Spring XML configuration file:

 <bean id="grid.custom.cfg" class="org.apache.ignite.configuration.IgniteConfiguration" singleton="true">
         ...
         <property name="pluginConfigurations">
              <list>
                  <bean class="org.gridgain.grid.configuration.GridGainConfiguration">
                      <property name="authenticator">
                          <bean class="org.gridgain.grid.security.composite.CompositeAuthenticator">
                              <property name="authenticators">
                                  <list>
                                      <bean class="org.gridgain.grid.security.passcode.PasscodeAuthenticator">
                                          <!-- Set acl provider. -->
                                          <property name="aclProvider">
                                              <bean class="org.gridgain.grid.security.passcode.AuthenticationAclBasicProvider">
                                                  <constructor-arg>
                                                      <map>
                                                          <entry>
                                                              <key><ref bean="userCred1"/></key>
                                                              <value>{defaultAllow:false}</value>
                                                          </entry>
                                                          <entry>
                                                              <key><ref bean="userCred2"/></key>
                                                               <value>{defaultAllow:true}</value>
                                                          </entry>
                                                      </map>
                                                  </constructor-arg>
                                              </bean>
                                          </property>
                                      </bean>
                                      <bean class="org.gridgain.grid.security.certificate.CertificateAuthenticator">
                                          <property name="permissionsJson">
                                              <map>
                                                  <entry>
                                                      <key>
                                                          <bean class="org.gridgain.grid.security.certificate.SubjectRegexPredicate">
                                                              <constructor-arg type="java.lang.String" value="CN=client\\b.*"/>
                                                          </bean>
                                                      </key>
                                                       <value>{defaultAllow:true}</value>
                                                  </entry>
                                              </map>
                                          </property>
                                      </bean>
                               </list>
                              </property>
                          </bean>
                     </property>
                  </bean>
              </list>
         </property>
         ...
 </bean>
 

For information about Spring framework visit www.springframework.org

Constructor Summary

Constructors

Constructor and Description
CompositeAuthenticator()

Method Summary

Modifier and Type	Method and Description
SecuritySubject	authenticate(AuthenticationContext authCtx) Authenticates a given subject (either node or remote client).
Collection<T>	getAuthenticators() Gets list of authenticators.
boolean	isGlobalNodeAuthentication() Flag indicating whether node authentication should be run on coordinator only or on all nodes in current topology.
CompositeAuthenticator<T>	setAuthenticators(Collection<T> authenticators) Sets list of authenticators.
void	start() Starts grid component, called on grid start.
void	stop() Stops grid component, called on grid shutdown.
boolean	supported(SecuritySubjectType subjType) Checks if given subject is supported by this authenticator.
String	toString()
Object	validationToken() Returns validation token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

CompositeAuthenticator

public CompositeAuthenticator()

Method Detail

getAuthenticators

public Collection<T> getAuthenticators()

Gets list of authenticators.

Returns:

List of Authenticator to use.

setAuthenticators

public CompositeAuthenticator<T> setAuthenticators(Collection<T> authenticators)

Sets list of authenticators.

Parameters:

authenticators - The list of Authenticator to use.

Returns:

this for chaining.

start

public void start()
           throws IgniteException

Description copied from interface: LifecycleAware

Starts grid component, called on grid start.

Specified by:

start in interface LifecycleAware

Throws:

IgniteException - If failed.

stop

public void stop()
          throws IgniteException

Stops grid component, called on grid shutdown.

Specified by:

stop in interface LifecycleAware

Throws:

IgniteException - If failed.

validationToken

public Object validationToken()

Returns validation token. GridGain checks that validation token on starting node is equal to tokens on already started nodes. If the token on the starting nodes differs, then an exception is thrown and the node fails to start.

Note: Configured marshaller should be able to marshall/unmarhsall the returned value.

Specified by:

validationToken in interface AuthenticationValidator

Returns:

Validation token.

supported

public boolean supported(SecuritySubjectType subjType)

Checks if given subject is supported by this authenticator. If not, then next authentication in the list will be checked.

Specified by:

supported in interface Authenticator

Parameters:

subjType - Subject type.

Returns:

True if subject type is supported, false otherwise.

authenticate

public SecuritySubject authenticate(AuthenticationContext authCtx)
                             throws IgniteCheckedException

Authenticates a given subject (either node or remote client).

Specified by:

authenticate in interface Authenticator

Parameters:

authCtx - Authentication context. Contains all necessary information required to authenticate the subject.

Returns:

Authenticated subject context or null if authentication did not pass.

Throws:

IgniteCheckedException - If authentication resulted in system error. Note that bad credentials should not cause this exception.

isGlobalNodeAuthentication

public boolean isGlobalNodeAuthentication()

Flag indicating whether node authentication should be run on coordinator only or on all nodes in current topology.

Specified by:

isGlobalNodeAuthentication in interface Authenticator

Returns:

True if all nodes in topology should authenticate joining node. In this case security permissions will be validated to be the same on all nodes. In case if permissions differ, node will not be able to join the topology. If this method returns false, only coordinator node will authenticate joining node.

toString

public String toString()

Overrides:

toString in class Object