/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.ignite.internal.processors.odbc;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
import org.apache.ignite.internal.processors.authentication.IgniteAccessControlException;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.jetbrains.annotations.Nullable;
import java.util.Collections;
import java.util.UUID;
import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_CLIENT;
/**
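* Base connection context. Holds the connection ID together with the security and authorization
* contexts established by {@code authenticate(String, String)} for a client connection.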
*/
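public abstract class ClientListenerAbstractConnectionContext implements ClientListenerConnectionContext {
    /** Kernal context. */
    protected final GridKernalContext ctx;

    /**
     * Security context returned by the security processor, or {@code null} if security is disabled
     * or no authentication attempt has succeeded yet.
     */
    private SecurityContext secCtx;

    /** Connection ID. Assigned once in the constructor. */
    private final long connId;

    /**
     * Authorization context of the last successful {@link #authenticate(String, String)} call,
     * or {@code null} if there was none or authentication is not enabled.
     */
    private AuthorizationContext authCtx;

    /**
     * Constructor.
     *
     * @param ctx Kernal context.
     * @param connId Connection ID.
     */
    protected ClientListenerAbstractConnectionContext(GridKernalContext ctx, long connId) {
        this.ctx = ctx;
        this.connId = connId;
    }

    /**
     * @return Kernal context.
     */
    public GridKernalContext kernalContext() {
        return ctx;
    }

    /**
     * @return Security context, or {@code null} if none has been established.
     */
    @Nullable public SecurityContext securityContext() {
        return secCtx;
    }

    /** {@inheritDoc} */
    @Nullable @Override public AuthorizationContext authorizationContext() {
        return authCtx;
    }

    /** {@inheritDoc} */
    @Override public long connectionId() {
        return connId;
    }

    /**
     * Perform authentication.
     * <p>
     * Three paths are possible:
     * <ul>
     * <li>the security processor is enabled: credentials are delegated to it via
     * {@link #authenticateExternal(String, String)};</li>
     * <li>otherwise, the authentication processor is enabled: an empty user name is rejected and the
     * credentials are checked by {@code ctx.authentication()};</li>
     * <li>neither is enabled: no check is performed and {@code null} is returned.</li>
     * </ul>
     * Both stored contexts are cleared before the attempt, so a call that throws leaves this connection
     * without a security or authorization context.
     *
     * @param user User name supplied by the client.
     * @param pwd Password supplied by the client. Must not be logged or placed into exception messages.
     * @return Auth context, or {@code null} if neither security nor authentication is enabled.
     * @throws IgniteCheckedException If failed.
     */
    protected AuthorizationContext authenticate(String user, String pwd) throws IgniteCheckedException {
        // Fail closed: if this method is ever invoked more than once for the same connection, a failed
        // attempt must not leave the contexts of an earlier successful one reachable through the getters.
        secCtx = null;
        authCtx = null;

        if (ctx.security().enabled()) {
            // No empty-user check on this path: acceptance is decided entirely by the security processor.
            // NOTE(review): authorizationContext() may be null if the processor does not set one - confirm.
            authCtx = authenticateExternal(user, pwd).authorizationContext();
        }
        else if (ctx.authentication().enabled()) {
            if (F.isEmpty(user))
                throw new IgniteAccessControlException("Unauthenticated sessions are prohibited.");

            AuthorizationContext res = ctx.authentication().authenticate(user, pwd);

            // Publish the context only after it has been validated.
            if (res == null)
                throw new IgniteAccessControlException("Unknown authentication error.");

            authCtx = res;
        }

        return authCtx;
    }

    /**
     * Do 3-rd party authentication.
     * <p>
     * Builds an authentication request for a {@code REMOTE_CLIENT} subject with a freshly generated random
     * subject ID and empty node attributes, passes it to the security processor and stores the resulting
     * security context in this connection context.
     *
     * @param user User name supplied by the client.
     * @param pwd Password supplied by the client.
     * @return The authentication request that was passed to the security processor.
     * @throws IgniteCheckedException If the security processor returned no security context or failed.
     */
    private AuthenticationContext authenticateExternal(String user, String pwd) throws IgniteCheckedException {
        // Named differently from the 'authCtx' field, which holds an AuthorizationContext.
        AuthenticationContext authReq = new AuthenticationContext();

        authReq.subjectType(REMOTE_CLIENT);
        authReq.subjectId(UUID.randomUUID());
        authReq.nodeAttributes(Collections.emptyMap());
        authReq.credentials(new SecurityCredentials(user, pwd));

        secCtx = ctx.security().authenticate(authReq);

        if (secCtx == null) {
            // The message does not reveal whether the user name or the password was wrong.
            // NOTE(review): 'user' is client-supplied and is embedded verbatim; where this message ends up
            // (client response, server log) is not visible here - confirm it is sanitized at the sink.
            throw new IgniteAccessControlException(
                String.format("The user name or password is incorrect [userName=%s]", user)
            );
        }

        return authReq;
    }
}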