[ https://issues.apache.org/jira/browse/IGNITE-13113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17127252#comment-17127252 ]
Veena Mithare commented on IGNITE-13113:
----------------------------------------
Hi Team,
The Jira IGNITE-12781 was created by me. To tackle the issue till this node is
fixed I have used the approach as below. Kindly confirm if you see any
concerns with this:
# If the cacheevent holds the subject id of the remoteclient, then fetch it
using the getSpiContext().authenticatedSubject(uuid) method. (This in turn will
check the AuthenticationContext.context() and match the subjectId of the
event with the one in the AuthenticationContext.context().)
# If it holds the subjectId of the node instead of the remoteclient (in this
case, the subject returned by point 1 will be null):
## Create a cache (transactionIdToSubjectCache) that holds xid vs security
subject information, where xid is the id of the transaction started event. The
subject id on this event always holds the remote client id for cache put events
generated on dbeaver.
## When a cacheput event is sent to the storage spi, match the xid as follows:
### Get the subject from transactionIdToSubjectCache using the xid.
### If the above is null, get the originating xid of the event xid and get the
subject using the originating xid.
I am able to get the subject using this approach. Could you kindly verify if I
am missing anything?
Here is the pseudo code:
public class AuditSpi extends IgniteSpiAdapter implements EventStorageSpi {
    // Maps the xid of a transaction-started event to the subject that started it.
    private IgniteCache<IgniteUuid, SecuritySubject> transactionIdSubjectMapCache;

    @Override
    public void record(Event evt) throws IgniteSpiException {
        assert evt != null;

        ignite = Ignition.ignite(igniteInstanceName);
        transactionIdSubjectMapCache = ignite.cache("transactionIdSubjectMapCache");

        // Filter out events.
        if (evt instanceof TransactionStateChangedEvent
            && evt.type() == EventType.EVT_TX_STARTED) {
            // Remember which subject started this transaction.
            if (AuthorizationContext.context() != null) {
                transactionIdSubjectMapCache.put(
                    ((TransactionStateChangedEvent) evt).tx().xid(),
                    ((ProphetAuthorizationContext) AuthorizationContext.context()).subject());
            }

            return;
        }

        if (evt instanceof CacheEvent) {
            // Point 1: resolve the subject directly from the event's subject id.
            SecuritySubject subj = ((CacheEvent) evt).subjectId() != null
                ? getSpiContext().authenticatedSubject(((CacheEvent) evt).subjectId())
                : null;

            IgniteUuid transactionId = null;

            if (subj == null) {
                // Send the transactionId field. This will be populated in the method below.
                Pair<SecuritySubject, IgniteUuid> returnPair =
                    getSecuritySubjectFromTransactionMap((CacheEvent) evt, transactionId);
                // more logic to store it in the audit cache here.
            }
        }
    }

    private Pair<SecuritySubject, IgniteUuid> getSecuritySubjectFromTransactionMap(
        CacheEvent evt, IgniteUuid transactionId) {
        // Point 2: look the subject up by the event's own xid first.
        SecuritySubject subj = transactionIdSubjectMapCache.get(evt.xid());

        if (subj != null) {
            transactionId = evt.xid();
        }

        if (subj == null) {
            // Fall back to the originating (near) xid of the matching active transaction.
            IgniteTxManager tm = ((IgniteEx) ignite).context().cache().context().tm();

            for (IgniteInternalTx transaction : tm.activeTransactions()) {
                if (transaction.xid().equals(evt.xid())) {
                    if (transaction.nearXidVersion() != null) {
                        subj = transactionIdSubjectMapCache
                            .get(transaction.nearXidVersion().asGridUuid());
                    }
                }
            }
        }

        return Pair.of(subj, transactionId);
    }
}
Regards,
Veena.
> CacheEvent#subjectId for cache events with types EventType#EVTS_CACHE
> ---------------------------------------------------------------------
>
> Key: IGNITE-13113
> URL: https://issues.apache.org/jira/browse/IGNITE-13113
> Project: Ignite
> Issue Type: Bug
> Components: cache, security
> Affects Versions: 2.8.1
> Reporter: Denis Garus
> Assignee: Denis Garus
> Priority: Major
> Labels: iep-41
>
> For cache events with types:
> EVT_CACHE_ENTRY_CREATED,
> EVT_CACHE_ENTRY_DESTROYED,
> EVT_CACHE_OBJECT_PUT,
> EVT_CACHE_OBJECT_READ,
> EVT_CACHE_OBJECT_REMOVED,
> EVT_CACHE_OBJECT_LOCKED,
> EVT_CACHE_OBJECT_UNLOCKED,
> EVT_CACHE_OBJECT_EXPIRED
> field CacheEvent#subjectId should be subject id associated with
> SecuritySubject that triggered the cache event.
> Currently, CacheEvent#subjectId for these event types is null or equals
> subject id associated with the node that sends a change request.