[ 
https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309299#comment-17309299
 ] 

Ignite TC Bot commented on IGNITE-13112:
----------------------------------------

{panel:title=Branch: [pull/8038/head] Base: [master] : No blockers 
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
{panel:title=Branch: [pull/8038/head] Base: [master] : No new tests 
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}{panel}
[TeamCity *--> Run :: All* 
Results|https://ci.ignite.apache.org/viewLog.html?buildId=5935287&buildTypeId=IgniteTests24Java8_RunAll]

> The current security context should be obtained using the IgniteSecurity 
> interface only.
> ----------------------------------------------------------------------------------------
>
>                 Key: IGNITE-13112
>                 URL: https://issues.apache.org/jira/browse/IGNITE-13112
>             Project: Ignite
>          Issue Type: Bug
>          Components: cache, security
>    Affects Versions: 2.8.1
>            Reporter: Denis Garus
>            Assignee: Denis Garus
>            Priority: Major
>              Labels: iep-41
>          Time Spent: 4h 50m
>  Remaining Estimate: 0h
>
> For getting the current security context, we have to use the IgniteSecurity 
> interface only. 
>  We need to get rid of all other ways to transfer a security subject id.
> h4. Suggested implementation
> If Ignite Security (IS) is enabled, then executors, accessed through the 
> PoolProcessor, are wrapped to a security-aware implementation. Security-aware 
> implementation sets proper security context for tasks that the executor 
> performs.
> The field subject id was deleted from communication requests for cache and 
> compute operations; a remote node gets the subject id that initiates the 
> ignite operation from GridIoSecurityAwareMessage. IgniteSecurity uses this id 
> to set a proper security context during the execution of the request.
> Remove GridTaskThreadContextKey#TC_SUBJ_ID, 
> GridCacheContext#subjectIdPerCall; a consumer has to obtain a current 
> security subject id through IgniteSecurity or the set of SecurityUtils 
> methods.
> For all events that include the subject id field, the following rule is set. 
> If IS is enabled, this field must contain a subject id that initiates an 
> ignite operation, otherwise null.
> Implement SecurityAwareCustomMessageWrapper for discovery requests that act 
> as GridIoSecurityAwareMessage for communication requests. It allows setting 
> proper context during the discovery message execution.
> Implement SecurityAwareGridRestCommandHandler to allow GridRestProcessor to 
> execute all client requests with the proper security context.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
