You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Stepachev Maksim (JIRA)" <ji...@apache.org> on 2019/07/17 14:23:00 UTC

[jira] [Created] (IGNITE-11992) Improvements for new security approach

Stepachev Maksim created IGNITE-11992:
-----------------------------------------

             Summary: Improvements for new security approach
                 Key: IGNITE-11992
                 URL: https://issues.apache.org/jira/browse/IGNITE-11992
             Project: Ignite
          Issue Type: Improvement
          Components: security
    Affects Versions: 2.8
            Reporter: Stepachev Maksim
            Assignee: Stepachev Maksim
             Fix For: 2.8


1. ZookeaperDiscoveryImpl doesn't implement security into itself.
 As a result: Caused by: class org.apache.ignite.spi.IgniteSpiException: Security context isn't certain.
2. The visor tasks lost permission. 
 The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
3. The GridRestProcessor does tasks outside "withContext" section. As result context loses.
4. The GridRestProcessor isn't client, we can't read security subject from node attribute. 
 We should transmit secCtx for fake nodes and secSubjId for real.
5. NoOpIgniteSecurityProcessor should include a disabled processor and validate it too if it is not null. It is important for a client node. 
For example:
Into IgniteKernal#securityProcessor method createComponent return a GridSecurityProcessor. For server nodes are enabled, but for clients aren't. The clients aren't able to pass validation for this reason. 
6. ATTR_SECURITY_SUBJECT was removed. It broke compatibility.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)