Hi Denis,
Thanks for the suggestion.
I was trying to implement the approach of using the cache to store the thin
clients security context.
Below is the approach, I wanted to follow:
1) Add the thin client secCtx to cache during authentication time.
2) Retrieve the thin client secCtx using subjId in the new method to be
overridden:
GridSecurityProcessor.securityContext(UUID subjId) method,
3) Remove the entry from the cache during the onSessionExpired method call.
4) Remove the entry from the cache during the onDisconnected() method call.
** I am not sure if I have to handle anything extra for onReconnected(),
as I see again the authenticate method gets called.
Can you please let me know if the above steps are OK or do I need to handle
any other case ?
*Thanks & Regards,*
*Vishwas *
On Mon, Nov 30, 2020 at 2:11 PM Denis Garus <garus....@gmail.com> wrote:
> Hi!
>
> Node attributes can't be used to spread a thin client's security context.
> For this purpose, you can use a cache of Ignite, a third-party database,
> or other tools appropriate to your case.
>
> сб, 28 нояб. 2020 г. в 06:16, Vishwas Bm <bmvish...@gmail.com>:
>
> > Hi Denis,
> >
> >
> > Thanks for the reply.
> > Yes I was looking for a way to spread the security context to all cluster
> > nodes when a thin client(sqlline) gets authenticated.
> > I tried to see if I can use node attributes or user attributes to pass
> the
> > information to other nodes. When a cluster of ignite server is already
> > formed, this will not help as attributes will not be available on remote
> > nodes.
> >
> > The node attributes cannot be changed at run time and the attributes will
> > be available to remote nodes only when they join the cluster.
> >
> > So I wanted to know, if there is any other way to do this ?
> > I checked your poc PR for reference,
> > https://github.com/apache/ignite/pull/7375
> >
> > In thin client case authenticate node will not be called but authenticate
> > method is getting called.
> >
> >
> > Regards,
> > Vishwas
> >
> >
> > On Fri, 27 Nov, 2020, 14:29 Denis Garus, <garus....@gmail.com> wrote:
> >
> > > Hello!
> > >
> > >
> > > If I understood your problem correctly, you need to make a thin
> client's
> > > security context allowed on a remote node.
> > >
> > > When a security plugin does authenticate a thin client, it should
> spread
> > > the thin client's security context on the cluster.
> > >
> > > How a security context will be transmitted to a remote node is up to
> the
> > > plugin's developers.
> > >
> > > Also, you have to implement the
> > GridSecurityProcessor.securityContext(UUID
> > > subjId) method,
> > >
> > > the way this method is used in Ignite can see in the task description
> > [1].
> > >
> > >
> > >
> > >
> > > 1. https://issues.apache.org/jira/browse/IGNITE-12759
> > >
> > >
> > > чт, 26 нояб. 2020 г. в 10:01, Vishwas Bm <bmvish...@gmail.com>:
> > >
> > > > Hi,
> > > >
> > > > I was facing an issue with a custom security plugin and thin remote
> > > client.
> > > > I am using Ignite 2.9.0 version and I am hitting below issue
> > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/IGNITE/IEP-41%3A+Security+Context+of+thin+client+on+remote+nodes
> > > >
> > > >
> > > > I had asked the question in the user listing but unfortunately I did
> > not
> > > > get any reply.
> > > > So I am posting this question here:
> > > >
> > > >
> > > >
> > >
> >
> http://apache-ignite-users.70518.x6.nabble.com/Query-on-implementing-GridSecurityProcessor-td34672.html
> > > >
> > > >
> > > > *Thanks & Regards,*
> > > >
> > > > *Vishwas *
> > > >
> > >
> >
>
