Hi, Igniters!
At present, a security subject id is assumed to be node id. But when we are dealing with thin client, JDBC or REST subject id is random UUID. In this case, we cannot get the subject information on a remote node, and we get problems like these [1], [2]. To fix the problem, we should spread the client session to the whole cluster. I want to suggest a solution to the problem. First, we should get subject information using GridSecurityProcessor. How GridSecurityProcessor will retrieve a subject data, it is up to plugin developers. Second, we should get rid of the assumption that a subject id is a node id and remove the ATTR_SECURITY_SUBJECT_V2 attribute. I have prepared PoC PR [3] that: - places the existing logic of spreading security context to GridSecurityProcessor; - uses GridSecurityProcessor to get SecurityContext. 1. http://apache-ignite-developers.2346864.n4.nabble.com/JDBC-thin-client-incorrect-security-context-td45929.html 2. https://issues.apache.org/jira/browse/IGNITE-12589 3. https://github.com/apache/ignite/pull/7375