Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IGNITE-19073 Add authentication to thin client protocol #1918

Merged
merged 5 commits into from Apr 12, 2023
Merged

IGNITE-19073 Add authentication to thin client protocol #1918

merged 5 commits into from Apr 12, 2023

Conversation

Flaugh24
Copy link
Contributor

@Flaugh24 Flaugh24 commented Apr 6, 2023
edited by ptupitsyn

  • Pass credentials in client handshake extensions, authenticate when required.
  • Disconnect clients when authentication configuration changes.

https://issues.apache.org/jira/browse/IGNITE-19073

@ptupitsyn ptupitsyn marked this pull request as draft April 7, 2023 07:42
@Flaugh24 Flaugh24 marked this pull request as ready for review April 9, 2023 21:41
@Flaugh24
Copy link
Contributor Author

Flaugh24 commented Apr 9, 2023

https://issues.apache.org/jira/browse/IGNITE-19073

@Flaugh24 Flaugh24 changed the title Ignite 19073 IGNITE-19073 Apr 9, 2023
@Flaugh24 Flaugh24 changed the title IGNITE-19073 IGNITE-19073: Support thin clients authentically Apr 9, 2023
@Flaugh24 Flaugh24 changed the title IGNITE-19073: Support thin clients authentically IGNITE-19073 Support thin clients authentically Apr 9, 2023
ptupitsyn
ptupitsyn requested changes Apr 10, 2023
View reviewed changes
modules/client-common/src/main/java/org/apache/ignite/internal/client/proto/Extension.java Outdated Show resolved Hide resolved
...les/client-handler/src/integrationTest/java/org/apache/ignite/client/handler/TestServer.java Outdated
private final ClientHandlerMetricSource metrics = new ClientHandlerMetricSource();

private long idleTimeout = 5000;

TestServer(@Nullable TestSslConfig testSslConfig) {
TestServer(@Nullable TestSslConfig testSslConfig, AuthenticationConfiguration authenticationConfiguration) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make authenticationConfiguration nullable? It is not convenient to inject it in all tests where we don't actually need it.

Copy link
Contributor Author

@Flaugh24 Flaugh24 Apr 10, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done
Here and in another TestServer, it is better to use the Builder pattern. But I'd rather do it as a special ticket.

...ient-handler/src/main/java/org/apache/ignite/client/handler/ClientInboundMessageHandler.java Show resolved Hide resolved
...ient-handler/src/main/java/org/apache/ignite/client/handler/ClientInboundMessageHandler.java Outdated Show resolved Hide resolved
...ient-handler/src/main/java/org/apache/ignite/client/handler/ClientInboundMessageHandler.java Outdated Show resolved Hide resolved
...ient-handler/src/main/java/org/apache/ignite/client/handler/ClientInboundMessageHandler.java Outdated Show resolved Hide resolved
modules/client-common/src/main/java/org/apache/ignite/internal/client/proto/Extension.java Outdated
return e;
}
}
throw new IllegalArgumentException("Unknown extension key: " + key);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The point of handshake extensions is to be flexible and optional. We should skip unknown extensions instead of crashing.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree, we should probably add UNKNOWN extension variant.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For what? We can return null here and check where the method is called.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's probably more explicit and thus more obvious that extension can be unknown and we need to check for this result rather then checking for null, but I'm not insisting as you for sure have more expertise in Java than I.

@ptupitsyn ptupitsyn changed the title IGNITE-19073 Support thin clients authentically IGNITE-19073 Add authentication to thin client protocol Apr 10, 2023
@ptupitsyn ptupitsyn requested a review from isapego April 10, 2023 08:32
ptupitsyn
ptupitsyn approved these changes Apr 10, 2023
View reviewed changes
...t-handler/src/integrationTest/java/org/apache/ignite/client/handler/ItClientHandlerTest.java Outdated
});
}).join();
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

@ptupitsyn ptupitsyn merged commit 7970847 into apache:main Apr 12, 2023
1 check passed
lowka pushed a commit to gridgain/apache-ignite-3 that referenced this pull request Apr 19, 2023
@Flaugh24 @lowka
IGNITE-19073 Add authentication to thin client protocol (apache#1918)
c4dcfb1 
* Pass credentials in client handshake extensions, authenticate when required.
* Disconnect clients when authentication configuration changes.

Co-authored-by: Ivan Gagarkin <igagarkin@gridgain.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@isapego isapego isapego approved these changes

@ptupitsyn ptupitsyn ptupitsyn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@Flaugh24 @isapego @ptupitsyn