[
https://issues.apache.org/jira/browse/IGNITE-11346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16848762#comment-16848762
]
Ivan Bessonov commented on IGNITE-11346:
----------------------------------------
Hi [~Maxoid],
I added several comments in your PR, please check them. Please also merge
latest master and rerun tests, we have to be sure that your changes don't break
anything and that your new test passes. Thank you!
> Remote client authentication failed for the CommandHandler in the case where
> it optional on the server
> ------------------------------------------------------------------------------------------------------
>
> Key: IGNITE-11346
> URL: https://issues.apache.org/jira/browse/IGNITE-11346
> Project: Ignite
> Issue Type: Bug
> Components: clients, security, thin client
> Affects Versions: 2.7
> Reporter: Maxim Karavaev
> Assignee: Maxim Karavaev
> Priority: Minor
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> h2. Preposition:
> Custom _GridSecurityProcessor_ implementation allows optional authentication.
> With other words, if some credentials are presents then authentication
> performed, otherwise - not (some restricted SecurityContext returned).
> REST API works fine. If credentials are present or the auth request was made
> then the auth works as desired, if not - it also works but only for some
> authorized requests.
> h2. The problem:
> _CommandHandler_ which is used for controlling a cluster through the CLI
> script _command.sh|bat_ doesn't respect credential parameters and sends auth
> request only in case of authentication exception for a regular request. In
> the described case of optional authentication it never happens, so the result
> always depends on the "default" Permissions.
> h2. Possible solution:
> Change _GridClientNioTcpConnection_ to always send first an auth request in
> case of provided credentials.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
