From issues-return-96311-archive-asf-public=cust-asf.ponee.io@ignite.apache.org Wed May 29 13:22:03 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 17BAF18072F for ; Wed, 29 May 2019 15:22:02 +0200 (CEST) Received: (qmail 66487 invoked by uid 500); 29 May 2019 13:22:02 -0000 Mailing-List: contact issues-help@ignite.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ignite.apache.org Delivered-To: mailing list issues@ignite.apache.org Received: (qmail 66473 invoked by uid 99); 29 May 2019 13:22:02 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 May 2019 13:22:02 +0000 Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id A881EE2AD2 for ; Wed, 29 May 2019 13:22:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 0F99A245AF for ; Wed, 29 May 2019 13:22:01 +0000 (UTC) Date: Wed, 29 May 2019 13:22:01 +0000 (UTC) From: "Maxim Karavaev (JIRA)" To: issues@ignite.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Comment Edited] (IGNITE-11346) Remote client authentication failed for the CommandHandler in the case where it optional on the server MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/IGNITE-11346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16850838#comment-16850838 ] Maxim Karavaev edited comment on IGNITE-11346 at 5/29/19 1:21 PM: ------------------------------------------------------------------ Hi [~ibessonov] , Done. was (Author: maxoid): Hi [~ibessonov] , > Remote client authentication failed for the CommandHandler in the case where it optional on the server > ------------------------------------------------------------------------------------------------------ > > Key: IGNITE-11346 > URL: https://issues.apache.org/jira/browse/IGNITE-11346 > Project: Ignite > Issue Type: Bug > Components: clients, security, thin client > Affects Versions: 2.7 > Reporter: Maxim Karavaev > Assignee: Maxim Karavaev > Priority: Minor > Time Spent: 1.5h > Remaining Estimate: 0h > > h2. Preposition: > Custom _GridSecurityProcessor_ implementation allows optional authentication. With other words, if some credentials are presents then authentication performed, otherwise - not (some restricted SecurityContext returned). > REST API works fine. If credentials are present or the auth request was made then the auth works as desired, if not - it also works but only for some authorized requests. > h2. The problem: > _CommandHandler_ which is used for controlling a cluster through the CLI script _command.sh|bat_ doesn't respect credential parameters and sends auth request only in case of authentication exception for a regular request. In the described case of optional authentication it never happens, so the result always depends on the "default" Permissions. > h2. Possible solution: > Change _GridClientNioTcpConnection_ to always send first an auth request in case of provided credentials. -- This message was sent by Atlassian JIRA (v7.6.3#76005)