ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ryabov Dmitrii (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (IGNITE-12049) Allow custom authenticators to use SSL certificates
Date Mon, 18 Nov 2019 14:57:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-12049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16976604#comment-16976604
] 

Ryabov Dmitrii edited comment on IGNITE-12049 at 11/18/19 2:56 PM:
-------------------------------------------------------------------

[~ascherbakov], thank you for review.
{quote}1. For "normal" cluster nodes attributes are already available using ClusterNode.attributes
and user can just set any attribute and use it in custom authenticator without any changes
in core by implementing [1].

Do I understand correctly the fix is only relevant for thin clients authenticated using [2]
and not having associated local attributes ? 
 Shouldn't we instead provide the ability for thin clients to have attributes and avoid changing
IgniteConfiguration ?
{quote}
The problem is that user can use different certificates for node-to-node connection and put
inside attributes. For "normal" cluster nodes we put certificates from SSL connection into
attributes. For thin clients we do the same.
 For local authentication we don't need certificates because there is no node-to-node connection.
{quote}2. Why the new attribute is not available during authentication for jdbc/odbc client
types ?
{quote}
I missed it. Work in progress.
{quote}3. Can you create an example of using custom authenticator with certificates ?
{quote}
I made tests in {{SslCertificatesCheckTest}}. Tests use {{TestSslSecurityProcessor}}, which
checks certificates during authentication.


was (Author: somefire):
[~ascherbakov], thank you for review.
{quote}1. For "normal" cluster nodes attributes are already available using ClusterNode.attributes
and user can just set any attribute and use it in custom authenticator without any changes
in core by implementing [1].

Do I understand correctly the fix is only relevant for thin clients authenticated using [2]
and not having associated local attributes ? 
 Shouldn't we instead provide the ability for thin clients to have attributes and avoid changing
IgniteConfiguration ?
{quote}
The problem is that user can use different certificates for node-to-node connection and put
inside attributes. For "normal" cluster nodes we put certificates from SSL connection into
attributes. For thin clients we do the same.
 For local authentication we don't need certificates because there is no node-to-node connection.
{quote}2. Why the new attribute is not available during authentication for jdbc/odbc client
types ?
{quote}
I missed it. Work in progress.
{quote}3. Can you create an example of using custom authenticator with certificates ?
{quote}
I made tests in SslCertificatesCheckTest. Tests use TestSslSecurityProcessor, which checks
certificates during authentication.

> Allow custom authenticators to use SSL certificates
> ---------------------------------------------------
>
>                 Key: IGNITE-12049
>                 URL: https://issues.apache.org/jira/browse/IGNITE-12049
>             Project: Ignite
>          Issue Type: Improvement
>            Reporter: Ryabov Dmitrii
>            Assignee: Ryabov Dmitrii
>            Priority: Minor
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Add SSL certificates to AuthenticationContext, so, authenticators can make additional
checks based on SSL certificates.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message