public class CompositeAuthenticator<T extends Authenticator & AuthenticationValidator> extends Object implements Authenticator, AuthenticationValidator, LifecycleAware
This authenticator iterates on the authentication request through a list of authenticators in order until one provides a non-null response. A non-null response indicates the provider had authority to decide on the authentication request and no further authenticators are tried. If a subsequent authenticators successfully authenticates the request, the earlier authentication exception is disregarded and the successful authentication will be used. If no subsequent authenticators provides a null response, the last IgniteCheckedException received will be used.
setAuthenticators(Collection)
GridPasscodeAuthenticator passcodeAuth = new GridPasscodeAuthenticator(); // Override authentication passcode. passcodeAuth.setAclProvider(new GridAuthenticationAclBasicProvider( F.asMap(userCred1, jsonSpec1, userCred2, jsonSpec2))); CertificateAuthenticator certificateAuth = new CertificateAuthenticator(); certificateAuth.setPermissionsJson( F.asMap(new SubjectRegexPredicate("CN=client\\b.*"), "{defaultAllow:true}") ); CompositeAuthenticator auth = new CompositeAuthenticator(); auth.setAuthenticators(F.asList(passcodeAuth, certificateAuth)); IgniteConfiguration cfg = new IgniteConfiguration(); GridPluginConfiguration gCfg = new GridPluginConfiguration(); // Override default authentication. gCfg.setAuthenticator(auth); cfg.setPluginConfigurations(gCfg); // Start grid. GridGain.start(cfg);
<bean id="grid.custom.cfg" class="org.apache.ignite.configuration.IgniteConfiguration" singleton="true"> ... <property name="pluginConfigurations"> <list> <bean class="org.gridgain.grid.configuration.GridGainConfiguration"> <property name="authenticator"> <bean class="org.gridgain.grid.security.composite.CompositeAuthenticator"> <property name="authenticators"> <list> <bean class="org.gridgain.grid.security.passcode.PasscodeAuthenticator"> <!-- Set acl provider. --> <property name="aclProvider"> <bean class="org.gridgain.grid.security.passcode.AuthenticationAclBasicProvider"> <constructor-arg> <map> <entry> <key><ref bean="userCred1"/></key> <value>{defaultAllow:false}</value> </entry> <entry> <key><ref bean="userCred2"/></key> <value>{defaultAllow:true}</value> </entry> </map> </constructor-arg> </bean> </property> </bean> <bean class="org.gridgain.grid.security.certificate.CertificateAuthenticator"> <property name="permissionsJson"> <map> <entry> <key> <bean class="org.gridgain.grid.security.certificate.SubjectRegexPredicate"> <constructor-arg type="java.lang.String" value="CN=client\\b.*"/> </bean> </key> <value>{defaultAllow:true}</value> </entry> </map> </property> </bean> </list> </property> </bean> </property> </bean> </list> </property> ... </bean>
For information about Spring framework visit www.springframework.org
Constructor and Description |
---|
CompositeAuthenticator() |
Modifier and Type | Method and Description |
---|---|
SecuritySubject |
authenticate(AuthenticationContext authCtx)
Authenticates a given subject (either node or remote client).
|
Collection<T> |
getAuthenticators()
Gets list of authenticators.
|
boolean |
isGlobalNodeAuthentication()
Flag indicating whether node authentication should be run on coordinator only or on all nodes
in current topology.
|
CompositeAuthenticator<T> |
setAuthenticators(Collection<T> authenticators)
Sets list of authenticators.
|
void |
start()
Starts grid component, called on grid start.
|
void |
stop()
Stops grid component, called on grid shutdown.
|
boolean |
supported(SecuritySubjectType subjType)
Checks if given subject is supported by this authenticator.
|
String |
toString() |
Object |
validationToken()
Returns validation token.
|
public Collection<T> getAuthenticators()
Authenticator
to use.public CompositeAuthenticator<T> setAuthenticators(Collection<T> authenticators)
authenticators
- The list of Authenticator
to use.this
for chaining.public void start() throws IgniteException
LifecycleAware
start
in interface LifecycleAware
IgniteException
- If failed.public void stop() throws IgniteException
stop
in interface LifecycleAware
IgniteException
- If failed.public Object validationToken()
Note: Configured marshaller should be able to marshall/unmarhsall the returned value.
validationToken
in interface AuthenticationValidator
public boolean supported(SecuritySubjectType subjType)
supported
in interface Authenticator
subjType
- Subject type.True
if subject type is supported, false
otherwise.public SecuritySubject authenticate(AuthenticationContext authCtx) throws IgniteCheckedException
authenticate
in interface Authenticator
authCtx
- Authentication context. Contains all necessary information required to authenticate
the subject.null
if authentication did not pass.IgniteCheckedException
- If authentication resulted in system error.
Note that bad credentials should not cause this exception.public boolean isGlobalNodeAuthentication()
isGlobalNodeAuthentication
in interface Authenticator
True
if all nodes in topology should authenticate joining node. In this case security
permissions will be validated to be the same on all nodes. In case if permissions differ, node will
not be able to join the topology. If this method returns false
, only coordinator node will
authenticate joining node.
GridGain In-Memory Computing Platform : ver. 8.9.18 Release Date : March 14 2025