[
https://issues.apache.org/jira/browse/IGNITE-12049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16976604#comment-16976604
]
Ryabov Dmitrii commented on IGNITE-12049:
-----------------------------------------
[~ascherbakov], thank you for review.
{quote}1. For "normal" cluster nodes attributes are already available using
ClusterNode.attributes and user can just set any attribute and use it in custom
authenticator without any changes in core by implementing [1].
Do I understand correctly the fix is only relevant for thin clients
authenticated using [2] and not having associated local attributes ?
Shouldn't we instead provide the ability for thin clients to have attributes
and avoid changing IgniteConfiguration ?
{quote}
The problem is that user can use different certificates for node-to-node
connection and put inside attributes. For "normal" cluster nodes we put
certificates from SSL connection into attributes. For thin clients we do the
same.
For local authentication we don't need certificates because there is no
node-to-node connection.
{quote}2. Why the new attribute is not available during authentication for
jdbc/odbc client types ?
{quote}
I missed it. Work in progress.
{quote}3. Can you create an example of using custom authenticator with
certificates ?
{quote}
I made tests in SslCertificatesCheckTest. Tests use TestSslSecurityProcessor,
which checks certificates during authentication.
> Allow custom authenticators to use SSL certificates
> ---------------------------------------------------
>
> Key: IGNITE-12049
> URL: https://issues.apache.org/jira/browse/IGNITE-12049
> Project: Ignite
> Issue Type: Improvement
> Reporter: Ryabov Dmitrii
> Assignee: Ryabov Dmitrii
> Priority: Minor
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Add SSL certificates to AuthenticationContext, so, authenticators can make
> additional checks based on SSL certificates.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
