JAAS Authentication
JaasAuthenticator provides authentication based on the JAAS standard. On authentication request, this SPI delegates authentication to the externally configured JAAS login module in accordance with the JAAS Reference Guide. The path to the JAAS configuration file is specified via the -Djava.security.auth.login.config=/my/path/jass.config system property. Here is an example of a JAAS configuration file for an LDAP login module:
GridJaasLoginContext {
com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://serverName/ou=People,dc=nodomain"
userFilter="uid={USERNAME}"
authzIdentity="{<ATTR_NAME_OF_GRIDGAIN_PERMISSIONS>}"
useSSL=false
debug=false;
};Here <ATTR_NAME_OF_GRIDGAIN_PERMISSIONS> is the attribute name of the user’s LDAP entry that contains GridGain permissions in JSON format. Below is an example of how multiple caches and tasks can be authorized for different set of permissions (see Authorization and Permissions for the full list of available permissions):
{
{
"cache":"partitioned",
"permissions":["CACHE_PUT", "CACHE_REMOVE", "CACHE_READ"]
},
{
"cache":"*",
"permissions":["CACHE_READ"]
},
{
"task":"org.mytasks.*",
"permissions":["TASK_EXECUTE"]
},
"defaultAllow":"false"
}JaasAuthenticator can be specified in GridGainConfiguration programmatically:
// GridGain plugin configuration.
GridGainConfiguration cfg = new GridGainConfiguration();
// Set JAAS authenticator.
cfg.setAuthenticator(new JaasAuthenticator());or via a Spring XML configuration file:
<bean class="org.gridgain.grid.configuration.GridGainConfiguration">
...
<property name="authenticator">
<bean class="org.gridgain.grid.security.jaas.JaasAuthenticator"/>
</property>
...
</bean>© 2021 GridGain Systems, Inc. All Rights Reserved. Privacy Policy | Legal Notices. GridGain® is a registered trademark of GridGain Systems, Inc.
Apache, Apache Ignite, the Apache feather and the Apache Ignite logo are either registered trademarks or trademarks of The Apache Software Foundation.