GridGain Developers Hub
GitHub logo GridGain iso GridGain.com
GridGain Software Documentation

JAAS Authentication

JaasAuthenticator provides authentication based on the JAAS standard. On authentication request, this SPI delegates authentication to the externally configured JAAS login module in accordance with the JAAS Reference Guide. The path to the JAAS configuration file is specified via the -Djava.security.auth.login.config=/my/path/jass.config system property. Here is an example of a JAAS configuration file for an LDAP login module:

GridJaasLoginContext {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://serverName/ou=People,dc=nodomain"
    userFilter="uid={USERNAME}"
    authzIdentity="{<ATTR_NAME_OF_GRIDGAIN_PERMISSIONS>}"
    useSSL=false
    debug=false;
};

Here <ATTR_NAME_OF_GRIDGAIN_PERMISSIONS> is the attribute name of the user’s LDAP entry that contains GridGain permissions in JSON format. Below is an example of how multiple caches and tasks can be authorized for different set of permissions (see Authorization and Permissions for the full list of available permissions):

{
    {
        "cache":"partitioned",
        "permissions":["CACHE_PUT", "CACHE_REMOVE", "CACHE_READ"]
    },
    {
        "cache":"*",
        "permissions":["CACHE_READ"]
    },
    {
        "task":"org.mytasks.*",
        "permissions":["TASK_EXECUTE"]
    },
    "defaultAllow":"false"
}

JaasAuthenticator can be specified in GridGainConfiguration programmatically:

// GridGain plugin configuration.
GridGainConfiguration cfg = new GridGainConfiguration();

// Set JAAS authenticator.
cfg.setAuthenticator(new JaasAuthenticator());

or via a Spring XML configuration file:

<bean class="org.gridgain.grid.configuration.GridGainConfiguration">
    ...
    <property name="authenticator">
        <bean class="org.gridgain.grid.security.jaas.JaasAuthenticator"/>
    </property>
    ...
</bean>