> I just transmitted security subjects for REST requests.

SecurityContext has an unlimited size so we can get significant overhead.
And we do not solve problems with other thin clients.

> If you remove ATTR_SECURITY_SUBJECT_V2, it breaks compatibility between old
> versions and new.

I suggest removing ATTR_SECURITY_SUBJECT_V2 from Ignite's codebase, but for
compatibility, it can be used by a security plugin as in the PoC.

Thu, 20 Feb 2020 at 16:47, Maksim Stepachev <maksim.stepac...@gmail.com>:

> Yes, I talked about it on 07.19.
>
> http://apache-ignite-developers.2346864.n4.nabble.com/Improvements-for-new-security-approach-td42698.html#a42708
> And in my solution, I just transmitted security subjects for REST requests.
>
> If you remove ATTR_SECURITY_SUBJECT_V2, it breaks compatibility between old
> versions and new.
>
> Thu, 20 Feb 2020 at 15:56, Denis Garus <garus....@gmail.com>:
>
> > Hi, Igniters!
> >
> >
> > At present, a security subject id is assumed to be a node id.
> >
> > But when we are dealing with a thin client, JDBC or REST, the subject id is
> > a random UUID. In this case, we cannot get the subject information on a
> > remote node, and we get problems like these [1], [2].
> >
> > To fix the problem, we should spread the client session to the whole
> > cluster.
> >
> >
> > I want to suggest a solution to the problem.
> >
> >
> > First, we should get subject information using GridSecurityProcessor.
> >
> > How GridSecurityProcessor retrieves subject data is up to plugin
> > developers.
> >
> >
> > Second, we should get rid of the assumption that a subject id is a node id
> > and remove the ATTR_SECURITY_SUBJECT_V2 attribute.
> >
> >
> > I have prepared a PoC PR [3] that:
> >
> > - places the existing logic of spreading security context to
> > GridSecurityProcessor;
> >
> > - uses GridSecurityProcessor to get SecurityContext.
> >
> >
> >
> >    1. http://apache-ignite-developers.2346864.n4.nabble.com/JDBC-thin-client-incorrect-security-context-td45929.html
> >    2. https://issues.apache.org/jira/browse/IGNITE-12589
> >    3. https://github.com/apache/ignite/pull/7375
> >
>
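
The lookup problem discussed in this thread, as an added toy model in Java 16+ (not code from the thread, the PoC PR, or Ignite). Every type and method name is hypothetical, the permission strings and subjects are constructed, and plain maps stand in for node attributes and for a session store visible on every node.

```java
import java.util.*;

// Toy model of the lookup problem discussed above. Not Ignite code:
// every type and method name below is hypothetical.
public class SubjectLookupDemo {
    /** Stand-in for a security context: subject id, login, granted permissions. */
    record Ctx(UUID subjectId, String login, Set<String> permissions) {}

    /** Pluggable lookup: how subject data is found is up to the implementation. */
    interface SubjectResolver {
        Optional<Ctx> resolve(UUID subjectId);
    }

    /** Current assumption: subject id == node id, so only node attributes are consulted. */
    static SubjectResolver byNodeAttributes(Map<UUID, Ctx> nodeAttrs) {
        return id -> Optional.ofNullable(nodeAttrs.get(id));
    }

    /** One possible plugin strategy: fall back to client sessions visible on every node. */
    static SubjectResolver withSharedSessions(Map<UUID, Ctx> nodeAttrs, Map<UUID, Ctx> sessions) {
        return id -> Optional.ofNullable(nodeAttrs.containsKey(id) ? nodeAttrs.get(id) : sessions.get(id));
    }

    /** Fail closed: an unresolved subject is denied, never treated as the local node. */
    static boolean authorize(SubjectResolver resolver, UUID subjectId, String permission) {
        return resolver.resolve(subjectId)
            .map(ctx -> ctx.permissions().contains(permission))
            .orElse(false);
    }

    public static void main(String[] args) {
        UUID serverNode = UUID.randomUUID();
        UUID thinClient = UUID.randomUUID(); // random UUID, not a node id

        Map<UUID, Ctx> nodeAttrs = new HashMap<>();
        nodeAttrs.put(serverNode, new Ctx(serverNode, "server", Set.of("CACHE_READ", "CACHE_PUT")));
        Map<UUID, Ctx> sessions = new HashMap<>();
        sessions.put(thinClient, new Ctx(thinClient, "jdbc-user", Set.of("CACHE_READ")));

        SubjectResolver old = byNodeAttributes(nodeAttrs);
        SubjectResolver plugin = withSharedSessions(nodeAttrs, sessions);

        // On a remote node the thin client's id matches no node, so the old lookup finds nothing.
        System.out.println("node attrs only, thin client read: " + authorize(old, thinClient, "CACHE_READ"));
        System.out.println("shared sessions, thin client read: " + authorize(plugin, thinClient, "CACHE_READ"));
        System.out.println("shared sessions, thin client put:  " + authorize(plugin, thinClient, "CACHE_PUT"));
        System.out.println("shared sessions, unknown subject:  " + authorize(plugin, UUID.randomUUID(), "CACHE_READ"));
    }
}
```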
