ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stepachev Maksim (Jira)" <j...@apache.org>
Subject [jira] [Updated] (IGNITE-11992) Improvements for new security approach
Date Mon, 30 Sep 2019 10:09:00 GMT

     [ https://issues.apache.org/jira/browse/IGNITE-11992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Stepachev Maksim updated IGNITE-11992:
--------------------------------------
    Description: 
1. The visor tasks lost permission. 
The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
2. The GridRestProcessor does tasks outside "withContext" section. As result context loses.
3. The GridRestProcessor isn't client, we can't read security subject from node attribute.

We should transmit secCtx for fake nodes and secSubjId for real. 

In additional: 

Change a java docs for TaskEvent, CacheEvent, CacheQueryExecutedEvent and
CacheQueryReadEvent.
"Gets security subject ID initiated this task event, if available.
This property is not available for GridEventType#EVT_TASK_SESSION_ATTR_SET
task event.
Subject ID will be set either to node ID or client ID initiated task
execution."

by:
"Gets security subject ID initiated this task event if IgniteSecurity is
enabled, otherwise returns null."

 

  was:
1. The visor tasks lost permission. 
 The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
 3. The GridRestProcessor does tasks outside "withContext" section. As result context loses.
 4. The GridRestProcessor isn't client, we can't read security subject from node attribute.

 We should transmit secCtx for fake nodes and secSubjId for real.


> Improvements for new security approach
> --------------------------------------
>
>                 Key: IGNITE-11992
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11992
>             Project: Ignite
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.8
>            Reporter: Stepachev Maksim
>            Assignee: Stepachev Maksim
>            Priority: Major
>             Fix For: 2.8
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> 1. The visor tasks lost permission. 
> The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses context.
> 2. The GridRestProcessor does tasks outside "withContext" section. As result context
loses.
> 3. The GridRestProcessor isn't client, we can't read security subject from node attribute.

> We should transmit secCtx for fake nodes and secSubjId for real. 
> In additional: 
> Change a java docs for TaskEvent, CacheEvent, CacheQueryExecutedEvent and
> CacheQueryReadEvent.
> "Gets security subject ID initiated this task event, if available.
> This property is not available for GridEventType#EVT_TASK_SESSION_ATTR_SET
> task event.
> Subject ID will be set either to node ID or client ID initiated task
> execution."
> by:
> "Gets security subject ID initiated this task event if IgniteSecurity is
> enabled, otherwise returns null."
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message