ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Garus <garus....@gmail.com>
Subject Re: Unable to get the security context
Date Fri, 05 Jul 2019 07:53:02 GMT
Hi, Radha Jai!
You should update your master branch AI.
Today we don't have the SecurityContextHolder class, but we have a
guaranty, that SecurityContext argument in the authorize method will not be
null.
Good luck!

ср, 29 мая 2019 г. в 08:00, radha jai <jairadhahare@gmail.com>:

> Hi,
>  I have implemented the grid security processor and setting the
> securityconext holder in the authenticate function as below,
>
> public class MySecurityProcessor extends GridProcessorAdapter implements
> DiscoverySpiNodeAuthenticator, GridSecurityProcessor, IgnitePlugin
> {
>
> ................
> public SecurityContext authenticate(AuthenticationContext
> authenticationContext) throws IgniteCheckedException
> {
>        SecuritySubject secureSecuritySubject = new SecuritySubject(
>             authenticationContext.subjectId(),
>             authenticationContext.subjectType(),
>             authenticationContext.credentials().getLogin(),
>             authenticationContext.address()
>     );
>     SecurityContext securityContext = new
>  MySecurityContext(secureSecuritySubject, accessToken);
>     SecurityContextHolder.set(securityContext);
>     return securityContext;
> }
> public void authorize(String name, SecurityPermission perm, SecurityContext
> securityCtx) throws SecurityException {
>     System.out.println(   SecurityContextHolder.get());
>     System.out.println( securityCtx );
>     //do some authorization
>      .....................
> }
>
> public boolean isGlobalNodeAuthentication() {
> // TODO Auto-generated method stub
> return false;
> }
> ..............
> }
> In plugin provider i am creating the component : GridSecurityProcessor.
> During Rest api call:
> -> when rest call is made authorise function in the security processor is
> getting called twice one by the GridRestProcessor and another
> GridCacheProcessor, is it mandatory to call that twice? When authorise
> function is called by the GridRestProcessor security context is available
> but when the GridCacheProcessor is called security context is coming as
> null always. Hence the security context is not available in the authorise
> function. So i used the SecurityContextHolder.get() to get the security
> context.
> But for some of the commands SecurityContextHolder.get() is not working
> like prepend and append.
>
> -> When cache create and cache destroy is made, authorise function is
> receiving the name as NULL. Why is it so? Because based on the name i am
> trying to validate wheather the user is allowed to perform this action
>
> During Sqlline access:
> -> authorise function receive the security context as NULL always . So used
> the SecurityContextHolder.get() , but still getting NULL. How do i get the
> context?
>    -> While performing create table and drop table, the authorise function
> is receiving the name as NULL.
>
> One last question: when the security context is null(during rest call or
> sqlline access), can we use the local node context in the authorise
> function?
>
>
> Regards
> Radha
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message