ignite-issues mailing list archives

From "Ignite TC Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-11992) Improvements for new security approach
Date Thu, 18 Jul 2019 11:29:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-11992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16887890#comment-16887890 ]

Ignite TC Bot commented on IGNITE-11992:
----------------------------------------

{panel:title=--> Run :: All: No blockers found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
[TeamCity *--> Run :: All* Results|https://ci.ignite.apache.org/viewLog.html?buildId=4345271&buildTypeId=IgniteTests24Java8_RunAll]

> Improvements for new security approach
> --------------------------------------
>
>                 Key: IGNITE-11992
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11992
>             Project: Ignite
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.8
>            Reporter: Stepachev Maksim
>            Assignee: Stepachev Maksim
>            Priority: Major
>             Fix For: 2.8
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> 1. ZookeeperDiscoveryImpl doesn't implement security into itself.
>  As a result: Caused by: class org.apache.ignite.spi.IgniteSpiException: Security context isn't certain.
> 2. The visor tasks lost permission.
>  The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
> 3. The GridRestProcessor does tasks outside the "withContext" section. As a result, the context is lost.
> 4. The GridRestProcessor isn't a client; we can't read the security subject from the node attribute.
>  We should transmit secCtx for fake nodes and secSubjId for real.
> 5. NoOpIgniteSecurityProcessor should include a disabled processor and validate it too if it is not null. It is important for a client node.
> For example:
> In the IgniteKernal#securityProcessor method, createComponent returns a GridSecurityProcessor. For server nodes it is enabled, but for clients it isn't. The clients aren't able to pass validation for this reason.
> 6. ATTR_SECURITY_SUBJECT was removed. It broke compatibility.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
