[ https://issues.apache.org/jira/browse/IGNITE-11346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16850838#comment-16850838 ]
Maxim Karavaev edited comment on IGNITE-11346 at 5/29/19 1:21 PM: ------------------------------------------------------------------ Hi [~ibessonov] , Done. was (Author: maxoid): Hi [~ibessonov] , > Remote client authentication failed for the CommandHandler in the case where > it optional on the server > ------------------------------------------------------------------------------------------------------ > > Key: IGNITE-11346 > URL: https://issues.apache.org/jira/browse/IGNITE-11346 > Project: Ignite > Issue Type: Bug > Components: clients, security, thin client > Affects Versions: 2.7 > Reporter: Maxim Karavaev > Assignee: Maxim Karavaev > Priority: Minor > Time Spent: 1.5h > Remaining Estimate: 0h > > h2. Preposition: > Custom _GridSecurityProcessor_ implementation allows optional authentication. > With other words, if some credentials are presents then authentication > performed, otherwise - not (some restricted SecurityContext returned). > REST API works fine. If credentials are present or the auth request was made > then the auth works as desired, if not - it also works but only for some > authorized requests. > h2. The problem: > _CommandHandler_ which is used for controlling a cluster through the CLI > script _command.sh|bat_ doesn't respect credential parameters and sends auth > request only in case of authentication exception for a regular request. In > the described case of optional authentication it never happens, so the result > always depends on the "default" Permissions. > h2. Possible solution: > Change _GridClientNioTcpConnection_ to always send first an auth request in > case of provided credentials. -- This message was sent by Atlassian JIRA (v7.6.3#76005)