Hi Denis, Thanks for the suggestion.
I was trying to implement the approach of using the cache to store the thin clients security context. Below is the approach, I wanted to follow: 1) Add the thin client secCtx to cache during authentication time. 2) Retrieve the thin client secCtx using subjId in the new method to be overridden: GridSecurityProcessor.securityContext(UUID subjId) method, 3) Remove the entry from the cache during the onSessionExpired method call. 4) Remove the entry from the cache during the onDisconnected() method call. ** I am not sure if I have to handle anything extra for onReconnected(), as I see again the authenticate method gets called. Can you please let me know if the above steps are OK or do I need to handle any other case ? *Thanks & Regards,* *Vishwas * On Mon, Nov 30, 2020 at 2:11 PM Denis Garus <garus....@gmail.com> wrote: > Hi! > > Node attributes can't be used to spread a thin client's security context. > For this purpose, you can use a cache of Ignite, a third-party database, > or other tools appropriate to your case. > > сб, 28 нояб. 2020 г. в 06:16, Vishwas Bm <bmvish...@gmail.com>: > > > Hi Denis, > > > > > > Thanks for the reply. > > Yes I was looking for a way to spread the security context to all cluster > > nodes when a thin client(sqlline) gets authenticated. > > I tried to see if I can use node attributes or user attributes to pass > the > > information to other nodes. When a cluster of ignite server is already > > formed, this will not help as attributes will not be available on remote > > nodes. > > > > The node attributes cannot be changed at run time and the attributes will > > be available to remote nodes only when they join the cluster. > > > > So I wanted to know, if there is any other way to do this ? > > I checked your poc PR for reference, > > https://github.com/apache/ignite/pull/7375 > > > > In thin client case authenticate node will not be called but authenticate > > method is getting called. > > > > > > Regards, > > Vishwas > > > > > > On Fri, 27 Nov, 2020, 14:29 Denis Garus, <garus....@gmail.com> wrote: > > > > > Hello! > > > > > > > > > If I understood your problem correctly, you need to make a thin > client's > > > security context allowed on a remote node. > > > > > > When a security plugin does authenticate a thin client, it should > spread > > > the thin client's security context on the cluster. > > > > > > How a security context will be transmitted to a remote node is up to > the > > > plugin's developers. > > > > > > Also, you have to implement the > > GridSecurityProcessor.securityContext(UUID > > > subjId) method, > > > > > > the way this method is used in Ignite can see in the task description > > [1]. > > > > > > > > > > > > > > > 1. https://issues.apache.org/jira/browse/IGNITE-12759 > > > > > > > > > чт, 26 нояб. 2020 г. в 10:01, Vishwas Bm <bmvish...@gmail.com>: > > > > > > > Hi, > > > > > > > > I was facing an issue with a custom security plugin and thin remote > > > client. > > > > I am using Ignite 2.9.0 version and I am hitting below issue > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/IGNITE/IEP-41%3A+Security+Context+of+thin+client+on+remote+nodes > > > > > > > > > > > > I had asked the question in the user listing but unfortunately I did > > not > > > > get any reply. > > > > So I am posting this question here: > > > > > > > > > > > > > > > > > > http://apache-ignite-users.70518.x6.nabble.com/Query-on-implementing-GridSecurityProcessor-td34672.html > > > > > > > > > > > > *Thanks & Regards,* > > > > > > > > *Vishwas * > > > > > > > > > >