[GitHub] [ignite] ololo3000 commented on a change in pull request #8892: IGNITE-14335 Merges APIs of IgniteAuthenticationProcessor and IgniteSecurity.

Sun, 18 Apr 2021 03:32:33 -0700 


ololo3000 commented on a change in pull request #8892:
URL: https://github.com/apache/ignite/pull/8892#discussion_r615022858



##########
File path: 
modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java
##########
@@ -1335,4 +1332,99 @@ private RefreshUsersStorageWorker(ArrayList<User> usrs) {
             }
         }
     }
+
+    /** Represents {@link SecuritySubject} implementation. */
+    private static class SecuritySubjectImpl implements SecuritySubject {
+        /** */
+        private static final long serialVersionUID = 0L;
+
+        /** Security subject identifier. */
+        private final UUID id;
+
+        /** Security subject login.  */
+        private final Object login;
+
+        /** Security subject type. */
+        private final SecuritySubjectType type;
+
+        /** Security subject address. */
+        private final InetSocketAddress addr;
+
+        /** */
+        public SecuritySubjectImpl(UUID id, Object login, SecuritySubjectType 
type, InetSocketAddress addr) {
+            this.id = id;
+            this.login = login;
+            this.type = type;
+            this.addr = addr;
+        }
+
+        /** {@inheritDoc} */
+        @Override public UUID id() {
+            return id;
+        }
+
+        /** {@inheritDoc} */
+        @Override public Object login() {
+            return login;
+        }
+
+        /** {@inheritDoc} */
+        @Override public SecuritySubjectType type() {
+            return type;
+        }
+
+        /** {@inheritDoc} */
+        @Override public InetSocketAddress address() {
+            return addr;
+        }
+
+        /** {@inheritDoc} */
+        @Override public SecurityPermissionSet permissions() {
+            return null;

Review comment:
       Permissions and permission checks provided by the SecurityContext are 
orphaned (except one - check on node join - but IgniteAuthenticationProcessor 
do not support node authentication). All permission checks are performed 
through IgniteSecurity#authorize. Also current Ignite Authentication Processor 
implementation do not implement any kind of Ignite cache/task/etc operation 
authorization.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to