ignite-issues mailing list archives

From "Ivan Bessonov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-11346) Remote client authentication failed for the CommandHandler in the case where it optional on the server
Date Mon, 27 May 2019 09:35:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-11346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16848762#comment-16848762 ]

Ivan Bessonov commented on IGNITE-11346:
----------------------------------------

Hi [~Maxoid],

I added several comments in your PR, please check them. Please also merge latest master and
rerun tests, we have to be sure that your changes don't break anything and that your new test
passes. Thank you!

> Remote client authentication failed for the CommandHandler in the case where it optional on the server
> ------------------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-11346
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11346
>             Project: Ignite
>          Issue Type: Bug
>          Components: clients, security, thin client
>    Affects Versions: 2.7
>            Reporter: Maxim Karavaev
>            Assignee: Maxim Karavaev
>            Priority: Minor
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> h2. Preposition:
> Custom _GridSecurityProcessor_ implementation allows optional authentication. In other words, if some credentials are present then authentication is performed, otherwise - not (some restricted SecurityContext returned).
> REST API works fine. If credentials are present or the auth request was made then the auth works as desired, if not - it also works but only for some authorized requests.
> h2. The problem:
> _CommandHandler_ which is used for controlling a cluster through the CLI script _command.sh|bat_ doesn't respect credential parameters and sends auth request only in case of authentication exception for a regular request. In the described case of optional authentication it never happens, so the result always depends on the "default" Permissions.
> h2. Possible solution:
> Change _GridClientNioTcpConnection_ to always send first an auth request in case of provided credentials.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
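
The client behaviour described in the quoted issue, modelled as an added example; this is not Ignite code and not taken from the issue's PR. `Server`, `lazyClient`, `eagerClient`, the command names and the credentials are hypothetical stand-ins constructed for the demo.

```java
import java.util.HashSet;
import java.util.Set;

public class OptionalAuthDemo {
    /** Hypothetical server; authRequired=false models the optional-authentication setup. */
    static class Server {
        private final Set<String> authenticated = new HashSet<>();
        private final boolean authRequired;
        Server(boolean authRequired) { this.authRequired = authRequired; }

        void authenticate(String session, String login, String pwd) {
            // Constructed credentials, for the demo only.
            if (!"admin".equals(login) || !"secret".equals(pwd))
                throw new SecurityException("AUTH_FAILED");
            authenticated.add(session);
        }

        String execute(String session, String cmd) {
            if (authenticated.contains(session)) return "admin context: " + cmd + " allowed";
            if (authRequired) throw new SecurityException("AUTH_REQUIRED");
            // Optional auth: no exception, the request runs under a restricted default context.
            return "default context: " + cmd + ("state".equals(cmd) ? " allowed" : " denied");
        }
    }

    /** Behaviour described in the issue: authenticate only after an authentication exception. */
    static String lazyClient(Server srv, String login, String pwd, String cmd) {
        try {
            return srv.execute("lazy", cmd);
        } catch (SecurityException e) {
            srv.authenticate("lazy", login, pwd);
            return srv.execute("lazy", cmd);
        }
    }

    /** Proposed behaviour: when credentials were supplied, send the auth request first. */
    static String eagerClient(Server srv, String login, String pwd, String cmd) {
        if (login != null) srv.authenticate("eager", login, pwd);
        return srv.execute("eager", cmd);
    }

    public static void main(String[] args) {
        for (boolean required : new boolean[] {true, false}) {
            System.out.println("authRequired=" + required);
            System.out.println("  lazy : " + lazyClient(new Server(required), "admin", "secret", "deactivate"));
            System.out.println("  eager: " + eagerClient(new Server(required), "admin", "secret", "deactivate"));
        }
    }
}
```

With `authRequired=false` the lazy client never reaches its `catch` branch, so the supplied credentials are ignored and the command runs under the default context; the eager client gets the admin context in both modes.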
