[GitHub] [ignite] dgarus commented on a change in pull request #8892: IGNITE-14335 Merges APIs of IgniteAuthenticationProcessor and IgniteSecurity.

Tue, 30 Mar 2021 02:12:27 -0700 


dgarus commented on a change in pull request #8892:
URL: https://github.com/apache/ignite/pull/8892#discussion_r603885776



##########
File path: 
modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java
##########
@@ -971,6 +871,63 @@ private static boolean isNodeHoldsUsers(ClusterNode n) {
         return !n.isClient() && !n.isDaemon();
     }
 
+    /** {@inheritDoc} */
+    @Override public SecurityContext authenticateNode(ClusterNode node, 
SecurityCredentials cred) throws IgniteCheckedException {
+        return new SecurityContextImpl(node.id(), null);
+    }
+
+    /** {@inheritDoc} */
+    @Override public SecuritySubject authenticatedSubject(UUID subjId) throws 
IgniteCheckedException {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    @Override public Collection<SecuritySubject> authenticatedSubjects() 
throws IgniteCheckedException {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    @Override public boolean isGlobalNodeAuthentication() {
+        return false;
+    }
+
+    /** {@inheritDoc} */
+    @Override public void authorize(String name, SecurityPermission perm, 
SecurityContext securityCtx) throws SecurityException {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void onSessionExpired(UUID subjId) {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public SecurityContext securityContext(UUID subjId) {

Review comment:
       such an approach to get a security context by a security subject id 
results in 
   
   ```
   SecurityContext sc_1 = security.authenticate(authCtx);        
   SecurityContext sc_2 = security.securityContext(sc_1.subject().id());
   sc_1 != sc_2
   ```
   I think this is wrong behavior.

##########
File path: 
modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java
##########
@@ -310,19 +301,16 @@ public AuthorizationContext authenticate(String login, 
String passwd) throws Ign
 
                     authFuts.put(msg.id(), fut);
 
-                    ctx.io().sendToGridTopic(rndNode, GridTopic.TOPIC_AUTH, 
msg, GridIoPolicy.SYSTEM_POOL);
+                    ctx.io().sendToGridTopic(rndNode, TOPIC_AUTH, msg, 
GridIoPolicy.SYSTEM_POOL);
                 }
 
                 fut.get();
-
-                if (fut.retry())
-                    continue;
-
-                return new AuthorizationContext(User.create(login));
-            }
+            } while (fut.retry());
         }
         else
-            return new AuthorizationContext(authenticateOnServer(login, 
passwd));
+            authenticateOnServer(login, passwd);
+
+        return new SecurityContextImpl(authCtx.subjectId(), login);

Review comment:
       We should feel fields of `SecuritySubject` like `SecuritySubjectType`, 
`InetSocketAddress`, and so on.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to