Giter VIP home page Giter VIP logo

Comments (5)

devinbost avatar devinbost commented on June 11, 2024

@aamargajbhiye

from ignite-security-plugin.

aamargajbhiye avatar aamargajbhiye commented on June 11, 2024

@devinbost I am glad you found this project helpful. You can find more information about this project at https://www.bugdbug.com/post/how-to-secure-apache-ignite-cluster

It would be easy to debug if you open this project in two different IDE instances and run those in debug mode. This way when you will start two different instances, you would get the joining request in SecurityProcessor.authenticateNode. From there you can debug and understand how authentication and authorization works.

from ignite-security-plugin.

devinbost avatar devinbost commented on June 11, 2024

@aamargajbhiye Thank you for the help.
I've made quite a bit of progress on my implementation, but now, whenever I try to run a SQL SELECT query on Ignite over JDBC, AuthorizationProcessor.authenticate(..) is run many times, like this:

Running AuthorizationPluginProvider.createCacheProvider(..)
Running AuthorizationPluginProvider.createComponent(..)
Running AuthorizationPluginProvider.createCacheProvider(..)
Running AuthorizationPluginProvider.createComponent(..)
// Initial setup completed
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite
Running AuthorizationProcessor.enabled()
Running AuthorizationProcessor.authenticate(..)
Username is: ignite

and then my JDBC client gives me this error:

	at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:134)
	at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeStatement(SQLQueryJob.java:488)
	at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.lambda$0(SQLQueryJob.java:425)
	at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:170)
	at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.executeSingleQuery(SQLQueryJob.java:417)
	at org.jkiss.dbeaver.ui.editors.sql.execute.SQLQueryJob.extractData(SQLQueryJob.java:775)
	at org.jkiss.dbeaver.ui.editors.sql.SQLEditor$QueryResultsContainer.readData(SQLEditor.java:2914)
	at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.lambda$0(ResultSetJobDataRead.java:111)
	at org.jkiss.dbeaver.model.exec.DBExecUtils.tryExecuteRecover(DBExecUtils.java:170)
	at org.jkiss.dbeaver.ui.controls.resultset.ResultSetJobDataRead.run(ResultSetJobDataRead.java:109)
	at org.jkiss.dbeaver.ui.controls.resultset.ResultSetViewer$17.run(ResultSetViewer.java:3423)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: java.sql.SQLException: Failed to communicate with Ignite cluster.
	at org.apache.ignite.internal.jdbc.thin.JdbcThinConnection.sendRequest(JdbcThinConnection.java:916)
	at org.apache.ignite.internal.jdbc.thin.JdbcThinStatement.execute0(JdbcThinStatement.java:231)
	at org.apache.ignite.internal.jdbc.thin.JdbcThinStatement.execute(JdbcThinStatement.java:559)
	at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.execute(JDBCStatementImpl.java:338)
	at org.jkiss.dbeaver.model.impl.jdbc.exec.JDBCStatementImpl.executeStatement(JDBCStatementImpl.java:131)
	... 12 more
Caused by: class org.apache.ignite.binary.BinaryObjectException: Not enough data to read the value [position=20, requiredBytes=1, remainingBytes=0]
	at org.apache.ignite.internal.binary.streams.BinaryAbstractInputStream.ensureEnoughData(BinaryAbstractInputStream.java:305)
	at org.apache.ignite.internal.binary.streams.BinaryAbstractInputStream.readByte(BinaryAbstractInputStream.java:35)
	at org.apache.ignite.internal.binary.streams.BinaryAbstractInputStream.readBoolean(BinaryAbstractInputStream.java:53)
	at org.apache.ignite.internal.binary.BinaryReaderExImpl.readBoolean(BinaryReaderExImpl.java:548)
	at org.apache.ignite.internal.processors.odbc.jdbc.JdbcQueryExecuteResult.readBinary(JdbcQueryExecuteResult.java:167)
	at org.apache.ignite.internal.processors.odbc.jdbc.JdbcResult.readResult(JdbcResult.java:207)
	at org.apache.ignite.internal.processors.odbc.jdbc.JdbcResponse.readBinary(JdbcResponse.java:153)
	at org.apache.ignite.internal.jdbc.thin.JdbcThinTcpIo.readResponse(JdbcThinTcpIo.java:451)
	at org.apache.ignite.internal.jdbc.thin.JdbcThinTcpIo.sendRequest(JdbcThinTcpIo.java:423)
	at org.apache.ignite.internal.jdbc.thin.JdbcThinConnection.sendRequest(JdbcThinConnection.java:890)
	... 16 more

(I'm using DBeaver as my client with a JDBC Ignite driver.)

Do you have any idea what might cause this?

from ignite-security-plugin.

devinbost avatar devinbost commented on June 11, 2024

I only get that error when running a SQL SELECT. I don't get it when I run CREATE TABLE or INSERT INTO.

from ignite-security-plugin.

devinbost avatar devinbost commented on June 11, 2024

@aamargajbhiye I got beyond those issues. The issue I'm running into now is that it's not clear how I can handle authenticatioN... all of my clients are able to authenticate with any username/password combination, which is a major security problem.

Do I need to implement my own approach in the authentication(..) method of the plugin to authenticate access?
It's not clear if there's even a way to create users for a cache since all the Ignite docs I've found that discuss creating users are referring to SQL tables.

from ignite-security-plugin.

Related Issues (1)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.