[ https://issues.apache.org/jira/browse/IGNITE-11992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16887890#comment-16887890 ]
Ignite TC Bot commented on IGNITE-11992:
----------------------------------------
{panel:title=--> Run :: All: No blockers found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
[TeamCity *--> Run :: All* Results|https://ci.ignite.apache.org/viewLog.html?buildId=4345271&buildTypeId=IgniteTests24Java8_RunAll]
> Improvements for new security approach
> --------------------------------------
>
> Key: IGNITE-11992
> URL: https://issues.apache.org/jira/browse/IGNITE-11992
> Project: Ignite
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.8
> Reporter: Stepachev Maksim
> Assignee: Stepachev Maksim
> Priority: Major
> Fix For: 2.8
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> 1. ZookeeperDiscoveryImpl doesn't implement security into itself.
> As a result: Caused by: class org.apache.ignite.spi.IgniteSpiException:
> Security context isn't certain.
> 2. The visor tasks lost permission.
> The method VisorQueryUtils#scheduleQueryStart makes a new thread and loses
> context.
> 3. The GridRestProcessor does tasks outside the "withContext" section. As a
> result, the context is lost.
> 4. The GridRestProcessor isn't a client, so we can't read the security subject
> from the node attribute.
> We should transmit secCtx for fake nodes and secSubjId for real.
> 5. NoOpIgniteSecurityProcessor should include a disabled processor and
> validate it too if it is not null. It is important for a client node.
> For example:
> In the IgniteKernal#securityProcessor method, createComponent returns a
> GridSecurityProcessor. For server nodes it is enabled, but for clients it isn't.
> The clients aren't able to pass validation for this reason.
> 6. ATTR_SECURITY_SUBJECT was removed. It broke compatibility.