icode opened a new issue, #12005:
URL: https://github.com/apache/ignite/issues/12005
`ignite.context().security().withContext` function can bypass security
plugins!
`ignite.context().security().withContext` should call `authenticate(context:
AuthenticationContext)` function!
```kotlin
ignite.context().security().withContext((ignite.cluster().forRemotes().node()
?: ignite.localNode()).id())
// then can query not authenticated cache
val cache = ignite.cache<String, Any>("DataSource")
// this `size` function not call `authenticate(context:
AuthenticationContext)`
println("1. //////////////////////////// ${cache.size()}")
try {
// this `forEach` function not call `authenticate(context:
AuthenticationContext)`
cache.forEach {
println(it)
}
} catch (e: Exception) {
println("e. ////////////////////////////")
e.printStackTrace()
}
println("2. ////////////////////////////")
```
```kotlin
override fun authenticatedSubject(subjId: UUID): SecuritySubject? {
val n = ctx.discovery().node(subjId)
if (n != null) {
return this.nodeSecurityContext(n)!!.subject()
}
}
private fun nodeSecurityContext(node: ClusterNode): SecurityContextImpl?
{
val subjBytesV2 =
node.attribute<Any?>(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2) as
ByteArray?
if (subjBytesV2 == null) {
val subj = SecuritySubjectImpl(
node.id(),
SecuritySubjectType.REMOTE_NODE,
address = InetSocketAddress(node.addresses().first(), 0),
permissions = SecurityPermissionSetBuilder.ALL_PERMISSIONS,
nodeId = node.id()
)
return SecurityContextImpl(subj)
} else {
return U.unmarshal<Any?>(
this.marsh,
subjBytesV2,
U.resolveClassLoader(ctx.config())
) as SecurityContextImpl?
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@ignite.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
