[jira] [Commented] (IGNITE-15101) Ignite tasks run in a security context other than the initiator's security context

Fri, 30 Jul 2021 00:51:06 -0700 


    [ 
https://issues.apache.org/jira/browse/IGNITE-15101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17390391#comment-17390391
 ] 

Mikhail Petrov commented on IGNITE-15101:
-----------------------------------------

[~alex_pl], Thanks a lot for the review!

>  Ignite tasks run in a security context other than the initiator's security 
> context
> -----------------------------------------------------------------------------------
>
>                 Key: IGNITE-15101
>                 URL: https://issues.apache.org/jira/browse/IGNITE-15101
>             Project: Ignite
>          Issue Type: Improvement
>            Reporter: Mikhail Petrov
>            Assignee: Mikhail Petrov
>            Priority: Major
>             Fix For: 2.12
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Ignite tasks run in a security context other than the initiator's security 
> context.
> Reproducer:
> 1. Make TestSecurityProcessor#authenticatedSubjects to return 
> TestSecurityProcessor#SECURITY_CONTEXTS values to determine client subject id 
> after authentication like:
> {code:java}
> return 
> SECURITY_CONTEXTS.values().stream().map(SecurityContext::subject).collect(Collectors.toList());
> {code}
> 2.
> {code:java}
> public class TaskSecurityContextTest extends AbstractSecurityTest {
>     /** */
>     private static final String TASK_NAME = 
> "org.apache.ignite.internal.processors.security.events.TaskSecurityContextTest$TestComputeTask";
>     /** {@inheritDoc} */
>     @Override protected IgniteConfiguration getConfiguration(String 
> igniteInstanceName) throws Exception {
>         return super.getConfiguration(igniteInstanceName)
>             .setClientConnectorConfiguration(
>                 new ClientConnectorConfiguration().setThinClientConfiguration(
>                     new 
> ThinClientConfiguration().setMaxActiveComputeTasksPerConnection(1)));
>     }
>     /** */
>     @Test
>     public void test() throws Exception {
>         IgniteEx ignite = startGridAllowAll("srv");
>         String login = "test";
>         IgniteClient cli = Ignition.startClient(new ClientConfiguration()
>             .setAddresses(Config.SERVER)
>             .setUserName(login)
>             .setUserPassword("")
>         );
>         UUID subjId = 
> ignite.context().security().authenticatedSubjects().stream()
>             .filter(subj -> subj.login().equals(login))
>             .findFirst()
>             .get()
>             .id();
>         cli.compute().execute(TASK_NAME, subjId);
>     }
>     /** Test compute task. */
>     public static class TestComputeTask extends ComputeTaskAdapter<UUID, 
> Void> {
>         /** {@inheritDoc} */
>         @Override public @NotNull Map<? extends ComputeJob, ClusterNode> map(
>             List<ClusterNode> subgrid,
>             @Nullable UUID secSubjId
>         ) throws IgniteException {
>             return F.asMap(new ComputeJob() {
>                 /** */
>                 @IgniteInstanceResource
>                 private IgniteEx ignite;
>                 @Override public void cancel() {
>                     // No-op.
>                 }
>                 @Override public Object execute() throws IgniteException {
>                     assertEquals(secSubjId, 
> ignite.context().security().securityContext().subject().id());
>                     return null;
>                 }
>             }, subgrid.get(0));
>         }
>         /** {@inheritDoc} */
>         @Override public @Nullable Void reduce(List<ComputeJobResult> 
> results) throws IgniteException {
>             return null;
>         }
>     }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to