[ https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stepachev Maksim updated IGNITE-13112:
--------------------------------------
    Reviewer: Stepachev Maksim

> The current security context should be obtained using the IgniteSecurity interface only.
> ----------------------------------------------------------------------------------------
>
>                 Key: IGNITE-13112
>                 URL: https://issues.apache.org/jira/browse/IGNITE-13112
>             Project: Ignite
>          Issue Type: Bug
>          Components: cache, security
>    Affects Versions: 2.8.1
>            Reporter: Denis Garus
>            Assignee: Denis Garus
>            Priority: Major
>              Labels: iep-41
>          Time Spent: 4h 50m
>  Remaining Estimate: 0h
>
> For getting the current security context, we have to use the IgniteSecurity
> interface only.
> We need to get rid of all other ways to transfer a security subject id.
> h4. Suggested implementation
> If Ignite Security (IS) is enabled, then executors, accessed through the
> {{PoolProcessor}}, are wrapped in a security-aware implementation.
> Security-aware implementation sets proper security context for tasks that the
> executor performs.
> The field subject id was deleted from communication requests for cache and
> compute operations; a remote node gets the subject id that initiates the
> ignite operation from {{GridIoSecurityAwareMessage}}. {{IgniteSecurity}} uses
> this id to set a proper security context during the execution of the request.
> Remove {{GridTaskThreadContextKey#TC_SUBJ_ID}},
> {{GridCacheContext#subjectIdPerCall}}; a consumer has to obtain a current
> security subject id through {{IgniteSecurity}} or the set of
> {{SecurityUtils}} methods.
> For all events that include the subject id field, the following rule is set.
> If IS is enabled, this field must contain a subject id that initiates an
> ignite operation, otherwise null.
> Implement {{SecurityAwareCustomMessageWrapper}} for discovery requests that
> act as {{GridIoSecurityAwareMessage}} for communication requests. It allows
> setting proper context during the discovery message execution.
> Implement {{SecurityAwareGridRestCommandHandler}} to allow
> {{GridRestProcessor}} to execute all client requests with the proper security
> context.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
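
The executor wrapping described under "Suggested implementation", as an added sketch that is not part of the Jira message and is not Ignite's code: a decorator captures the submitter's subject id and installs it on the pooled thread for the duration of the task. `SecurityAwareExecutor` and `CURRENT_SUBJECT` are hypothetical names, and the `ThreadLocal` stands in for whatever holder the security layer actually uses.

```java
import java.util.UUID;
import java.util.concurrent.*;

/** Illustrative sketch only: these types are hypothetical and are not Ignite classes. */
public class SecurityAwareExecutorDemo {
    /** Subject id of the operation the current thread is executing (assumed holder). */
    static final ThreadLocal<UUID> CURRENT_SUBJECT = new ThreadLocal<>();

    /** Decorator: captures the submitter's subject id and restores it around the task. */
    static final class SecurityAwareExecutor implements Executor {
        private final Executor delegate;

        SecurityAwareExecutor(Executor delegate) { this.delegate = delegate; }

        @Override public void execute(Runnable task) {
            final UUID submitter = CURRENT_SUBJECT.get(); // read on the submitting thread
            delegate.execute(() -> {
                UUID previous = CURRENT_SUBJECT.get();
                CURRENT_SUBJECT.set(submitter);
                try {
                    task.run();
                } finally {
                    // Restore, so a pooled thread never carries one subject into the next task.
                    if (previous == null) CURRENT_SUBJECT.remove();
                    else CURRENT_SUBJECT.set(previous);
                }
            });
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1);
        Executor secured = new SecurityAwareExecutor(pool);
        UUID alice = UUID.randomUUID(); // constructed sample subject ids
        UUID bob = UUID.randomUUID();
        CompletableFuture<UUID> seenByAlice = new CompletableFuture<>();
        CompletableFuture<UUID> seenByBob = new CompletableFuture<>();
        CompletableFuture<UUID> seenUnwrapped = new CompletableFuture<>();

        CURRENT_SUBJECT.set(alice);
        secured.execute(() -> seenByAlice.complete(CURRENT_SUBJECT.get()));
        CURRENT_SUBJECT.set(bob);
        secured.execute(() -> seenByBob.complete(CURRENT_SUBJECT.get()));
        // Submitted straight to the pool: no subject travels with the task.
        pool.execute(() -> seenUnwrapped.complete(CURRENT_SUBJECT.get()));

        System.out.println("alice task ran as alice: " + alice.equals(seenByAlice.get()));
        System.out.println("bob task ran as bob:     " + bob.equals(seenByBob.get()));
        System.out.println("unwrapped task subject:  " + seenUnwrapped.get());
        pool.shutdown();
    }
}
```

The single-thread pool makes the reuse case visible: both wrapped tasks run on the same worker yet each sees only its own submitter, while the unwrapped task sees no subject at all.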