You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Veena (Jira)" <ji...@apache.org> on 2020/02/12 15:27:00 UTC
[jira] [Commented] (IGNITE-12589) Remote thin client operations are
not authorized correctly.
[ https://issues.apache.org/jira/browse/IGNITE-12589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17035443#comment-17035443 ]
Veena commented on IGNITE-12589:
--------------------------------
Hi, Is there any work around to get the right security context for thin clients in authorize . This is also causing incorrect subject being logged as part of audit when we use authenticatedSubject() since the uuid associated with the event is of the node uuid.
> Remote thin client operations are not authorized correctly.
> -----------------------------------------------------------
>
> Key: IGNITE-12589
> URL: https://issues.apache.org/jira/browse/IGNITE-12589
> Project: Ignite
> Issue Type: Bug
> Affects Versions: 2.7.6
> Reporter: PetrovMikhail
> Priority: Major
>
> In the current Ignite security approach security subject id is considered to be a node id (see IgniteSecurityProcessor#withContext()). In the case of thin clients, this approach doesn't work correctly. If some operation is executed on behalf of the thin client on a remote node (node that is different from one to which thin client connection was established), it's impossible in the same way as for a node to obtain a thin client security subject information.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)