You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Stepachev Maksim (Jira)" <ji...@apache.org> on 2019/10/18 11:39:00 UTC
[jira] [Updated] (IGNITE-11992) Improvements for new security
approach
[ https://issues.apache.org/jira/browse/IGNITE-11992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stepachev Maksim updated IGNITE-11992:
--------------------------------------
Description:
1. The visor tasks lost permission.
The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
2. The GridRestProcessor does tasks outside "withContext" section. As result context loses.
In additional:
Change a java docs for TaskEvent, CacheEvent, CacheQueryExecutedEvent and
CacheQueryReadEvent.
"Gets security subject ID initiated this task event, if available.
This property is not available for GridEventType#EVT_TASK_SESSION_ATTR_SET
task event.
Subject ID will be set either to node ID or client ID initiated task
execution."
by:
"Gets security subject ID initiated this task event if IgniteSecurity is
enabled, otherwise returns null."
was:
1. The visor tasks lost permission.
The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
2. The GridRestProcessor does tasks outside "withContext" section. As result context loses.
3. The GridRestProcessor isn't client, we can't read security subject from node attribute.
We should transmit secCtx for fake nodes and secSubjId for real.
In additional:
Change a java docs for TaskEvent, CacheEvent, CacheQueryExecutedEvent and
CacheQueryReadEvent.
"Gets security subject ID initiated this task event, if available.
This property is not available for GridEventType#EVT_TASK_SESSION_ATTR_SET
task event.
Subject ID will be set either to node ID or client ID initiated task
execution."
by:
"Gets security subject ID initiated this task event if IgniteSecurity is
enabled, otherwise returns null."
> Improvements for new security approach
> --------------------------------------
>
> Key: IGNITE-11992
> URL: https://issues.apache.org/jira/browse/IGNITE-11992
> Project: Ignite
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.8
> Reporter: Stepachev Maksim
> Assignee: Stepachev Maksim
> Priority: Major
> Fix For: 2.8
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> 1. The visor tasks lost permission.
> The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
> 2. The GridRestProcessor does tasks outside "withContext" section. As result context loses.
> In additional:
> Change a java docs for TaskEvent, CacheEvent, CacheQueryExecutedEvent and
> CacheQueryReadEvent.
> "Gets security subject ID initiated this task event, if available.
> This property is not available for GridEventType#EVT_TASK_SESSION_ATTR_SET
> task event.
> Subject ID will be set either to node ID or client ID initiated task
> execution."
> by:
> "Gets security subject ID initiated this task event if IgniteSecurity is
> enabled, otherwise returns null."
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)