ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan Bessonov (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (IGNITE-9472) REST API has no permission checks for cluster activation/deactivation
Date Thu, 06 Sep 2018 08:09:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-9472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16604399#comment-16604399
] 

Ivan Bessonov edited comment on IGNITE-9472 at 9/6/18 8:08 AM:
---------------------------------------------------------------

[~ilantukh], thank you!

I started tests on Ignite TeamCity, results are not available yet.

Considering test for the functionality - test isn't written because "ctx.security().authorize(...)"
does nothing by default in Ignite and making dummy test didn't make sense to me.


was (Author: ibessonov):
[~ilantukh], thank you!

I started tests on Ignite TeamCity, results are not available yet.

Considering test for the functionality - complex test with GridClient will be available in corresponding
GridGain branch, it's already written and waits for this ticket to be resolved. It can't be
done here because "ctx.security().authorize(...)" does nothing by default in Ignite.

> REST API has no permission checks for cluster activation/deactivation
> ---------------------------------------------------------------------
>
>                 Key: IGNITE-9472
>                 URL: https://issues.apache.org/jira/browse/IGNITE-9472
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Ivan Bessonov
>            Assignee: Ivan Bessonov
>            Priority: Major
>             Fix For: 2.7
>
>
> ADMIN_OPS permission should be required for CLUSTER_ACTIVE / CLUSTER_INACTIVE commands.
This has to be done in GridRestProcessor.authorize method.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message