org.gridgain.grid.security.passcode

Class IgniteAuthenticator

java.lang.Object

org.gridgain.grid.security.passcode.PasscodeAuthenticator

org.gridgain.grid.security.passcode.IgniteAuthenticator

All Implemented Interfaces:

LifecycleAware, AuthenticationValidator, Authenticator, PasscodeAuthenticatorMBean

public class IgniteAuthenticator
extends PasscodeAuthenticator

Authenticate server nodes using PasscodeAuthenticator.

Authenticate client nodes and thin clients using native Apache Ignite authentication mechanism and then get permissions using PasscodeAuthenticator. Password must be removed from the clients SecurityCredentials in the credentials-permissions mapping configuration. The passwords are verified as part of the native Ignite authentication.

Constructor Summary

Constructors

Constructor and Description
IgniteAuthenticator()

Method Summary

Modifier and Type	Method and Description
SecuritySubject	authenticate(AuthenticationContext authCtx) Authenticates a given subject (either node or remote client).
boolean	isGlobalNodeAuthentication() Flag indicating whether node authentication should be run on coordinator only or on all nodes in current topology.

Methods inherited from class org.gridgain.grid.security.passcode.PasscodeAuthenticator

getPasscodesFormatted, setAclProvider, start, stop, supported, toString, validationToken

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

IgniteAuthenticator

public IgniteAuthenticator()

Method Detail

authenticate

public SecuritySubject authenticate(AuthenticationContext authCtx)
                             throws IgniteCheckedException

Authenticates a given subject (either node or remote client).

Specified by:

authenticate in interface Authenticator

Overrides:

authenticate in class PasscodeAuthenticator

Parameters:

authCtx - Authentication context. Contains all necessary information required to authenticate the subject.

Returns:

Authenticated subject context or null if authentication did not pass.

Throws:

IgniteCheckedException - If authentication resulted in system error. Note that bad credentials should not cause this exception.

isGlobalNodeAuthentication

public boolean isGlobalNodeAuthentication()

Flag indicating whether node authentication should be run on coordinator only or on all nodes in current topology.

Specified by:

isGlobalNodeAuthentication in interface Authenticator

Overrides:

isGlobalNodeAuthentication in class PasscodeAuthenticator

Returns:

True if all nodes in topology should authenticate joining node. In this case security permissions will be validated to be the same on all nodes. In case if permissions differ, node will not be able to join the topology. If this method returns false, only coordinator node will authenticate joining node.