Posted to issues@ignite.apache.org by "Mikhail Petrov (Jira)" <ji...@apache.org> on 2021/07/12 15:21:00 UTC
[jira] [Updated] (IGNITE-15101) Ignite tasks run in a security context other than the initiator's security context
[ https://issues.apache.org/jira/browse/IGNITE-15101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mikhail Petrov updated IGNITE-15101:
------------------------------------
Description:
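Ignite tasks run in a security context other than the initiator's security context: inside a job, the current security context's subject is not the subject that started the task, which is what the assertion in the reproducer below checks.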
Reproducer:
Make TestSecurityProcessor#authenticatedSubjects return the TestCertificateSecurityProcessor#secCtxs values, so that the client's subject ID can be determined after authentication.
{code:java}
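/**
 * Reproducer for IGNITE-15101: a compute task started by an authenticated thin client is expected to run
 * under that client's security context, so the subject seen inside the job must be the initiator's subject.
 */
public class TaskSecurityContextTest extends AbstractSecurityTest {
    /**
     * Name of the task submitted through the thin client. It is derived from the nested class so that the
     * submitted name always refers to {@link TestComputeTask} declared below; the hard-coded string used
     * before named a {@code TaskTest$TestComputeTask} class that is not part of this listing.
     */
    private static final String TASK_NAME = TestComputeTask.class.getName();

    /** {@inheritDoc} */
    @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
        return super.getConfiguration(igniteInstanceName)
            .setClientConnectorConfiguration(
                new ClientConnectorConfiguration().setThinClientConfiguration(
                    // A limit of 0 disables compute for thin clients, so one active task is allowed.
                    new ThinClientConfiguration().setMaxActiveComputeTasksPerConnection(1)));
    }

    /**
     * Starts a server node, connects a thin client as {@code "test"}, looks up the subject ID that the server
     * assigned to that client and passes it to the task as its argument. The job compares it with the subject
     * of the security context it actually runs in.
     *
     * @throws Exception If the node or the client fails to start, or the task fails.
     */
    @Test
    public void test() throws Exception {
        IgniteEx ignite = startGridAllowAll("srv");

        String login = "test";

        // NOTE(review): the empty password presumably relies on the test security processor accepting
        // these credentials; it is a test fixture, not a pattern for a real deployment.
        ClientConfiguration cliCfg = new ClientConfiguration()
            .setAddresses(Config.SERVER)
            .setUserName(login)
            .setUserPassword("");

        // The client is closed even if the lookup or the task fails, so the connection does not leak.
        try (IgniteClient cli = Ignition.startClient(cliCfg)) {
            // The lookup only finds the client if authenticatedSubjects() reports thin-client subjects,
            // hence the explicit failure message instead of an unchecked Optional.get().
            UUID subjId = ignite.context().security().authenticatedSubjects().stream()
                .filter(subj -> login.equals(subj.login()))
                .findFirst()
                .orElseThrow(() -> new AssertionError("No authenticated subject with login: " + login))
                .id();

            cli.compute().execute(TASK_NAME, subjId);
        }
    }

    /** Test compute task whose single job checks which security subject it is executed under. */
    public static class TestComputeTask extends ComputeTaskAdapter<UUID, Void> {
        /**
         * Maps one job to the first node of the subgrid.
         *
         * @param subgrid Nodes available for the task.
         * @param secSubjId Subject ID of the initiator, as passed by the test.
         */
        @Override public @NotNull Map<? extends ComputeJob, ClusterNode> map(
            List<ClusterNode> subgrid,
            @Nullable UUID secSubjId
        ) throws IgniteException {
            return F.asMap(new ComputeJob() {
                /** Ignite instance of the node executing the job. */
                @IgniteInstanceResource
                private IgniteEx ignite;

                @Override public void cancel() {
                    // No-op.
                }

                @Override public Object execute() throws IgniteException {
                    // The security-relevant check: the job's current subject must be the initiator's subject.
                    assertEquals(secSubjId, ignite.context().security().securityContext().subject().id());

                    return null;
                }
            }, subgrid.get(0));
        }

        /** {@inheritDoc} */
        @Override public @Nullable Void reduce(List<ComputeJobResult> results) throws IgniteException {
            return null;
        }
    }
}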
{code}
was:
Ignite tasks run in a security context other than the initiator's security context.
Reproducer:
{code:java}
public class TaskSecurityContextTest extends AbstractSecurityTest {
/** */
private static final String TASK_NAME = "org.apache.ignite.internal.processors.security.events.TaskTest$TestComputeTask";
/** {@inheritDoc} */
@Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
return super.getConfiguration(igniteInstanceName)
.setClientConnectorConfiguration(
new ClientConnectorConfiguration().setThinClientConfiguration(
new ThinClientConfiguration().setMaxActiveComputeTasksPerConnection(1)));
}
/** */
@Test
public void test() throws Exception {
IgniteEx ignite = startGridAllowAll("srv");
String login = "test";
IgniteClient cli = Ignition.startClient(new ClientConfiguration()
.setAddresses(Config.SERVER)
.setUserName(login)
.setUserPassword("")
);
UUID subjId = ignite.context().security().authenticatedSubjects().stream()
.filter(subj -> subj.login().equals(login))
.findFirst()
.get()
.id();
cli.compute().execute(TASK_NAME, subjId);
}
/** Test compute task. */
public static class TestComputeTask extends ComputeTaskAdapter<UUID, Void> {
/** {@inheritDoc} */
@Override public @NotNull Map<? extends ComputeJob, ClusterNode> map(
List<ClusterNode> subgrid,
@Nullable UUID secSubjId
) throws IgniteException {
return F.asMap(new ComputeJob() {
/** */
@IgniteInstanceResource
private IgniteEx ignite;
@Override public void cancel() {
// No-op.
}
@Override public Object execute() throws IgniteException {
assertEquals(secSubjId, ignite.context().security().securityContext().subject().id());
return null;
}
}, subgrid.get(0));
}
/** {@inheritDoc} */
@Override public @Nullable Void reduce(List<ComputeJobResult> results) throws IgniteException {
return null;
}
}
{code}
> Ignite tasks run in a security context other than the initiator's security context
> -----------------------------------------------------------------------------------
>
> Key: IGNITE-15101
> URL: https://issues.apache.org/jira/browse/IGNITE-15101
> Project: Ignite
> Issue Type: Improvement
> Reporter: Mikhail Petrov
> Assignee: Mikhail Petrov
> Priority: Major
>
> Ignite tasks run in a security context other than the initiator's security context.
> Reproducer:
> Make TestSecurityProcessor#authenticatedSubjects return the TestCertificateSecurityProcessor#secCtxs values, so that the client's subject ID can be determined after authentication.
> {code:java}
> public class TaskSecurityContextTest extends AbstractSecurityTest {
> /** */
> private static final String TASK_NAME = "org.apache.ignite.internal.processors.security.events.TaskTest$TestComputeTask";
> /** {@inheritDoc} */
> @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
> return super.getConfiguration(igniteInstanceName)
> .setClientConnectorConfiguration(
> new ClientConnectorConfiguration().setThinClientConfiguration(
> new ThinClientConfiguration().setMaxActiveComputeTasksPerConnection(1)));
> }
> /** */
> @Test
> public void test() throws Exception {
> IgniteEx ignite = startGridAllowAll("srv");
> String login = "test";
> IgniteClient cli = Ignition.startClient(new ClientConfiguration()
> .setAddresses(Config.SERVER)
> .setUserName(login)
> .setUserPassword("")
> );
> UUID subjId = ignite.context().security().authenticatedSubjects().stream()
> .filter(subj -> subj.login().equals(login))
> .findFirst()
> .get()
> .id();
> cli.compute().execute(TASK_NAME, subjId);
> }
> /** Test compute task. */
> public static class TestComputeTask extends ComputeTaskAdapter<UUID, Void> {
> /** {@inheritDoc} */
> @Override public @NotNull Map<? extends ComputeJob, ClusterNode> map(
> List<ClusterNode> subgrid,
> @Nullable UUID secSubjId
> ) throws IgniteException {
> return F.asMap(new ComputeJob() {
> /** */
> @IgniteInstanceResource
> private IgniteEx ignite;
> @Override public void cancel() {
> // No-op.
> }
> @Override public Object execute() throws IgniteException {
> assertEquals(secSubjId, ignite.context().security().securityContext().subject().id());
> return null;
> }
> }, subgrid.get(0));
> }
> /** {@inheritDoc} */
> @Override public @Nullable Void reduce(List<ComputeJobResult> results) throws IgniteException {
> return null;
> }
> }
> {code}