Hi, Radha Jai! You should update your master branch AI. Today we don't have the SecurityContextHolder class, but we have a guaranty, that SecurityContext argument in the authorize method will not be null. Good luck!
ср, 29 мая 2019 г. в 08:00, radha jai <[email protected]>: > Hi, > I have implemented the grid security processor and setting the > securityconext holder in the authenticate function as below, > > public class MySecurityProcessor extends GridProcessorAdapter implements > DiscoverySpiNodeAuthenticator, GridSecurityProcessor, IgnitePlugin > { > > ................ > public SecurityContext authenticate(AuthenticationContext > authenticationContext) throws IgniteCheckedException > { > SecuritySubject secureSecuritySubject = new SecuritySubject( > authenticationContext.subjectId(), > authenticationContext.subjectType(), > authenticationContext.credentials().getLogin(), > authenticationContext.address() > ); > SecurityContext securityContext = new > MySecurityContext(secureSecuritySubject, accessToken); > SecurityContextHolder.set(securityContext); > return securityContext; > } > public void authorize(String name, SecurityPermission perm, SecurityContext > securityCtx) throws SecurityException { > System.out.println( SecurityContextHolder.get()); > System.out.println( securityCtx ); > //do some authorization > ..................... > } > > public boolean isGlobalNodeAuthentication() { > // TODO Auto-generated method stub > return false; > } > .............. > } > In plugin provider i am creating the component : GridSecurityProcessor. > During Rest api call: > -> when rest call is made authorise function in the security processor is > getting called twice one by the GridRestProcessor and another > GridCacheProcessor, is it mandatory to call that twice? When authorise > function is called by the GridRestProcessor security context is available > but when the GridCacheProcessor is called security context is coming as > null always. Hence the security context is not available in the authorise > function. So i used the SecurityContextHolder.get() to get the security > context. > But for some of the commands SecurityContextHolder.get() is not working > like prepend and append. > > -> When cache create and cache destroy is made, authorise function is > receiving the name as NULL. Why is it so? Because based on the name i am > trying to validate wheather the user is allowed to perform this action > > During Sqlline access: > -> authorise function receive the security context as NULL always . So used > the SecurityContextHolder.get() , but still getting NULL. How do i get the > context? > -> While performing create table and drop table, the authorise function > is receiving the name as NULL. > > One last question: when the security context is null(during rest call or > sqlline access), can we use the local node context in the authorise > function? > > > Regards > Radha >
