Hi, IgniteCache.query() method requires CACHE_READ permission, but looks like all JDBC clients bypass security checks.
On Mon, Oct 30, 2017 at 5:27 PM, calebs <caleb.s...@gmail.com> wrote: > Hi Andrew, > > Then, does JDBC "thick" client have the support security plugin? The > security includes User Authentication and Authorization. > > In GridCacheContext, I see the following method > > /** > * @param op Operation to check. > * @throws SecurityException If security check failed. > */ > public void checkSecurity(SecurityPermission op) throws > SecurityException { > if (CU.isSystemCache(name())) > return; > > ctx.security().authorize(name(), op, null); > } > > where it calls security plugin's authorize method without passing user's > SecurityContext. I wonder when and where the security context is used for > any permission like CACHE_PUT & CACHE_READ. > > > > -- > Sent from: http://apache-ignite-users.70518.x6.nabble.com/ > -- Best regards, Andrey V. Mashenkov