ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vishwas Bm <bmvish...@gmail.com>
Subject Re: Issue with custom security plugin and thin clients
Date Sat, 28 Nov 2020 03:15:58 GMT
Hi Denis,


Thanks for the reply.
Yes I was looking for a way to spread the security context to all cluster
nodes when a thin client(sqlline) gets authenticated.
I tried to see if I can use node attributes or user attributes to pass the
information to other nodes. When a cluster of ignite server is already
formed, this will not help as attributes will not be available on remote
nodes.

The node attributes cannot be changed at run time and the attributes will
be available to remote nodes only when they join the cluster.

So I wanted to know, if there is any other way to do this ?
I checked your poc PR for reference,
https://github.com/apache/ignite/pull/7375

In thin client case authenticate node will not be called but authenticate
method is getting called.


Regards,
Vishwas


On Fri, 27 Nov, 2020, 14:29 Denis Garus, <garus.d.g@gmail.com> wrote:

> Hello!
>
>
> If I understood your problem correctly, you need to make a thin client's
> security context allowed on a remote node.
>
> When a security plugin does authenticate a thin client, it should spread
> the thin client's security context on the cluster.
>
> How a security context will be transmitted to a remote node is up to the
> plugin's developers.
>
> Also, you have to implement the GridSecurityProcessor.securityContext(UUID
> subjId) method,
>
> the way this method is used in Ignite can see in the task description [1].
>
>
>
>
>    1. https://issues.apache.org/jira/browse/IGNITE-12759
>
>
> чт, 26 нояб. 2020 г. в 10:01, Vishwas Bm <bmvishwas@gmail.com>:
>
> > Hi,
> >
> > I was facing an issue with a custom security plugin and thin remote
> client.
> > I am using Ignite 2.9.0 version and I am hitting below issue
> >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/IEP-41%3A+Security+Context+of+thin+client+on+remote+nodes
> >
> >
> > I had asked the question in the user listing but unfortunately I did not
> > get any reply.
> > So I am posting this question here:
> >
> >
> >
> http://apache-ignite-users.70518.x6.nabble.com/Query-on-implementing-GridSecurityProcessor-td34672.html
> >
> >
> > *Thanks & Regards,*
> >
> > *Vishwas *
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message