ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Garus <garus....@gmail.com>
Subject Re: Issue with custom security plugin and thin clients
Date Mon, 30 Nov 2020 08:40:43 GMT
Hi!

Node attributes can't be used to spread a thin client's security context.
For this purpose,  you can use a cache of Ignite, a third-party database,
or other tools appropriate to your case.

сб, 28 нояб. 2020 г. в 06:16, Vishwas Bm <bmvishwas@gmail.com>:

> Hi Denis,
>
>
> Thanks for the reply.
> Yes I was looking for a way to spread the security context to all cluster
> nodes when a thin client(sqlline) gets authenticated.
> I tried to see if I can use node attributes or user attributes to pass the
> information to other nodes. When a cluster of ignite server is already
> formed, this will not help as attributes will not be available on remote
> nodes.
>
> The node attributes cannot be changed at run time and the attributes will
> be available to remote nodes only when they join the cluster.
>
> So I wanted to know, if there is any other way to do this ?
> I checked your poc PR for reference,
> https://github.com/apache/ignite/pull/7375
>
> In thin client case authenticate node will not be called but authenticate
> method is getting called.
>
>
> Regards,
> Vishwas
>
>
> On Fri, 27 Nov, 2020, 14:29 Denis Garus, <garus.d.g@gmail.com> wrote:
>
> > Hello!
> >
> >
> > If I understood your problem correctly, you need to make a thin client's
> > security context allowed on a remote node.
> >
> > When a security plugin does authenticate a thin client, it should spread
> > the thin client's security context on the cluster.
> >
> > How a security context will be transmitted to a remote node is up to the
> > plugin's developers.
> >
> > Also, you have to implement the
> GridSecurityProcessor.securityContext(UUID
> > subjId) method,
> >
> > the way this method is used in Ignite can see in the task description
> [1].
> >
> >
> >
> >
> >    1. https://issues.apache.org/jira/browse/IGNITE-12759
> >
> >
> > чт, 26 нояб. 2020 г. в 10:01, Vishwas Bm <bmvishwas@gmail.com>:
> >
> > > Hi,
> > >
> > > I was facing an issue with a custom security plugin and thin remote
> > client.
> > > I am using Ignite 2.9.0 version and I am hitting below issue
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/IEP-41%3A+Security+Context+of+thin+client+on+remote+nodes
> > >
> > >
> > > I had asked the question in the user listing but unfortunately I did
> not
> > > get any reply.
> > > So I am posting this question here:
> > >
> > >
> > >
> >
> http://apache-ignite-users.70518.x6.nabble.com/Query-on-implementing-GridSecurityProcessor-td34672.html
> > >
> > >
> > > *Thanks & Regards,*
> > >
> > > *Vishwas *
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message