Security

This is legacy Apache Ignite documentation.

The new documentation is hosted here: https://ignite.apache.org/docs/latest/

Authentication

Enable and configure authentication on the Apache Ignite cluster side as explained here. Then pass the user name and password to ClientConfiguration on the PHP side as follows:

use Apache\Ignite\ClientConfiguration;

const ENDPOINT = 'localhost:10800';
const USER_NAME = 'ignite';
const PASSWORD = 'ignite';

// The user name and password are set on the client configuration
// that is later passed to Client::connect().
$config = (new ClientConfiguration(ENDPOINT))->
    setUserName(USER_NAME)->
    setPassword(PASSWORD);

Encryption

  1. Obtain certificates required for TLS:
    • either obtain existing certificates available for a specified Ignite server
    • or generate new certificates for the Ignite server you are working with
     The following files are needed:
    • keystore.jks, truststore.jks - for the server side
    • client.key, client.crt, ca.crt - for the client side
  2. Set up the Apache Ignite server to support SSL/TLS. Provide the obtained keystore.jks and truststore.jks files during the setup.
  3. Place the client.key, client.crt and ca.crt files somewhere locally for the client.
  4. Update the constants TLS_KEY_FILE_NAME, TLS_CERT_FILE_NAME and TLS_CA_FILE_NAME in the example below as needed.
  5. Update the USER_NAME and PASSWORD constants in the example below as needed.

use Apache\Ignite\Client;
use Apache\Ignite\ClientConfiguration;
use Apache\Ignite\Cache\CacheInterface;
use Apache\Ignite\Exception\ClientException;
use Apache\Ignite\Type\ObjectType;

class AuthTlsExample
{
    const ENDPOINT = 'localhost:10800';
    const USER_NAME = 'ignite';
    const PASSWORD = 'ignite';
    const TLS_CLIENT_CERT_FILE_NAME = __DIR__ . '/certs/client.pem';
    const TLS_CA_FILE_NAME = __DIR__ . '/certs/ca.pem';
    const CACHE_NAME = 'AuthTlsExample_cache';
    public function start(): void
    {
        $client = new Client();
        try {
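            // PHP SSL context options: 'local_cert' is the PEM file holding the
            // client certificate and its private key; 'cafile' is the CA
            // certificate used to verify the Ignite server.
            $tlsOptions = [
                'local_cert' => AuthTlsExample::TLS_CLIENT_CERT_FILE_NAME,
                'cafile' => AuthTlsExample::TLS_CA_FILE_NAME
            ];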
            
            $config = (new ClientConfiguration(AuthTlsExample::ENDPOINT))->
                setUserName(AuthTlsExample::USER_NAME)->
                setPassword(AuthTlsExample::PASSWORD)->
                setTLSOptions($tlsOptions);
                    
            $client->connect($config);
            echo("Client connected successfully (with TLS and authentication enabled)" . PHP_EOL);
            $cache = $client->getOrCreateCache(AuthTlsExample::CACHE_NAME)->
                setKeyType(ObjectType::BYTE)->
                setValueType(ObjectType::SHORT_ARRAY);
            $this->putGetData($cache);
            $client->destroyCache(AuthTlsExample::CACHE_NAME);
        } catch (ClientException $e) {
            echo('ERROR: ' . $e->getMessage() . PHP_EOL);
        } finally {
            $client->disconnect();
        }
    }
    private function putGetData(CacheInterface $cache): void
    {
        $values = [
            1 => $this->generateValue(1),
            2 => $this->generateValue(2),
            3 => $this->generateValue(3)
        ];
        // put values
        foreach ($values as $key => $value) {
            $cache->put($key, $value);
        }
        echo('Cache values put successfully:' . PHP_EOL);
        foreach ($values as $key => $value) {
            $this->printValue($key, $value);
        }
        // get and compare values
        echo('Cache values get:' . PHP_EOL);
        foreach ($values as $key => $value) {
            $cacheValue = $cache->get($key);
            $this->printValue($key, $cacheValue);
            if (!$this->compareValues($value, $cacheValue)) {
                echo('Unexpected cache value!' . PHP_EOL);
                return;
            }
        }
        echo('Cache values compared successfully' . PHP_EOL);
    }
    private function compareValues(array $array1, array $array2): bool
    {
        return count(array_diff($array1, $array2)) === 0;
    }
    private function generateValue(int $key): array
    {
        $length = $key + 2;
        $result = [];
        for ($i = 0; $i < $length; $i++) {
            array_push($result, $key * 10 + $i);
        }
        return $result;
    }
    private function printValue($key, $value): void
    {
        echo(sprintf('  %d => [%s]%s', $key, implode(', ', $value), PHP_EOL));
    }
}

$authTlsExample = new AuthTlsExample();
$authTlsExample->start();
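
The steps above list client.key, client.crt and ca.crt as the client-side files. The following added example (not part of the Ignite documentation or the client's bundled examples) builds the TLS options from those three files and checks them before connecting. It assumes that setTLSOptions() passes its array through as PHP SSL context options, so the standard keys local_pk, verify_peer, verify_peer_name and peer_name apply; the function names, the certificate directory layout and the IGNITE_USER / IGNITE_PASSWORD environment variables are hypothetical.

```php
<?php
// Added example: build $tlsOptions from the three client-side files in step 1
// and fail early on missing, mismatched or expired material.
// Assumed: setTLSOptions() forwards these keys as PHP SSL context options.
use Apache\Ignite\ClientConfiguration;

function buildTlsOptions(string $certDir, string $serverName): array
{
    $files = [
        'local_cert' => "$certDir/client.crt", // client certificate (PEM)
        'local_pk'   => "$certDir/client.key", // client private key (PEM)
        'cafile'     => "$certDir/ca.crt",     // CA used to verify the server
    ];
    foreach ($files as $path) {
        if (!is_readable($path)) {
            throw new RuntimeException("TLS file missing or unreadable: $path");
        }
    }
    $cert = file_get_contents($files['local_cert']);
    $key = file_get_contents($files['local_pk']);
    // A key that does not belong to the certificate only fails at handshake time.
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('client.key does not match client.crt');
    }
    $info = openssl_x509_parse($cert);
    if ($info === false || $info['validTo_time_t'] < time()) {
        throw new RuntimeException('client.crt is unparsable or expired');
    }
    // Keep server verification explicit instead of relying on defaults.
    return $files + [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $serverName, // must match the server certificate
    ];
}

// Hypothetical helper: credentials come from the environment, not source code.
function buildConfig(string $endpoint, string $certDir, string $serverName): ClientConfiguration
{
    $user = getenv('IGNITE_USER');
    $password = getenv('IGNITE_PASSWORD');
    if ($user === false || $password === false) {
        throw new RuntimeException('Set IGNITE_USER and IGNITE_PASSWORD');
    }
    return (new ClientConfiguration($endpoint))
        ->setUserName($user)
        ->setPassword($password)
        ->setTLSOptions(buildTlsOptions($certDir, $serverName));
}
```
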
PHP example files

The PHP thin client ships with fully working examples that demonstrate the behavior of the client.