CVE-2022-22963

2022-03-31 Thread Vishwas Bm
Hi All,

Is ignite impacted by this critical vulnerability?

https://securityboulevard.com/2022/03/cyrc-vulnerability-analysis-two-distinct-spring-vulnerabilities-discovered-spring4shell-and-cve-2022-22963/


Regards,
Vishwas


CVE-2021-42392

2022-01-07 Thread Vishwas Bm
Is ignite impacted by CVE-2021-42392 ?

https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/


Regards,
Vishwas


Re: getCurrentCpuLoad metric value

2021-12-27 Thread Vishwas Bm
Any inputs on this?

On Thu, 23 Dec, 2021, 17:31 Vishwas Bm wrote:

> Hi,
>
> In the javadocs I see that the value of getCurrentCpuLoad is in the range
> [0,1]
>
> https://www.javadoc.io/static/org.apache.ignite/ignite-core/2.11.1/org/apache/ignite/internal/ClusterLocalNodeMetricsMXBeanImpl.html#getCurrentCpuLoad--
>
> But in the code I see the value getting multiplied by 100.
> Why is this the case?
>
> https://github.com/apache/ignite/blob/dafbbcaf8fd11cea410978bdb07f52e4ee1476fa/modules/core/src/main/java/org/apache/ignite/internal/ClusterLocalNodeMetricsMXBeanImpl.java#L244
>
>
> Do the javadocs need to be updated?
>
> *Thanks & Regards,*
>
> *Vishwas *
>


getCurrentCpuLoad metric value

2021-12-23 Thread Vishwas Bm
Hi,

In the javadocs I see that the value of getCurrentCpuLoad is in the range
[0,1]
https://www.javadoc.io/static/org.apache.ignite/ignite-core/2.11.1/org/apache/ignite/internal/ClusterLocalNodeMetricsMXBeanImpl.html#getCurrentCpuLoad--

But in the code I see the value getting multiplied by 100.
Why is this the case?
https://github.com/apache/ignite/blob/dafbbcaf8fd11cea410978bdb07f52e4ee1476fa/modules/core/src/main/java/org/apache/ignite/internal/ClusterLocalNodeMetricsMXBeanImpl.java#L244


Do the javadocs need to be updated?

*Thanks & Regards,*

*Vishwas *


Re: 0-day CVE in log4j

2021-12-20 Thread Vishwas Bm
Correct url to rest-http module

https://github.com/apache/ignite/blob/21f7ca41c4348909e2fd26ccf59b5b2ce1f4474e/modules/rest-http/pom.xml#L131

On Mon, 20 Dec, 2021, 16:06 Vishwas Bm wrote:

> Hi,
>
> Why is ignite rest module still using old log4j version dependency?
>
>
> https://github.com/apache/ignite/blob/21f7ca41c4348909e2fd26ccf59b5b2ce1f4474e/modules/log4j/pom.xml#L46
>
> Can this be removed ? There is a critical CVE against this package.
>
> Regards,
> Vishwas
>
>
> On Wed, 15 Dec, 2021, 12:57 Aleksandr Nikolaev wrote:
>
>> Hi folks,
>>
>> OK, I'm updating log4j version 2.15 to 2.16
>>
>> https://issues.apache.org/jira/browse/IGNITE-16127
>>
>>
>> On 15.12.2021 09:54, Pavel Tupitsyn wrote:
>> > Igniters,
>> >
>> > Looks like we need to update to 2.16, there is an additional attack vector
>> > [1]
>> >
>> > [1] https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
>> >
>> > On Mon, Dec 13, 2021 at 4:06 PM Maxim Muzafarov wrote:
>> >
>> >> Folks,
>> >>
>> >> Should we describe all the WA available for the issue [1]? There is
>> >> already a lot of information about CVE, and nevertheless, it will not
>> >> be superfluous.
>> >>
>> >> [1] https://issues.apache.org/jira/browse/IGNITE-16101
>> >>
>> >> On Mon, 13 Dec 2021 at 15:37, Ivan Daschinsky wrote:
>> >>> Unfortunately, we need to patch our Log4j2 adapter in order to work with
>> >>> log4j-2.15
>> >>> So there is no choice other than to release 2.11.1
>> >>>
>> >>> Mon, 13 Dec 2021 at 15:21, Anton Vinogradov:
>> >>>
>> >>>> Folks,
>> >>>>
>> >>>> My 200 rubles here,
>> >>>>> I want to include it to the 2.12 scope.
>> >>>> Why not 2.11.1 as well?
>> >>>> We should provide a fixed version for current customers asap.
>> >>>> 2.12 require migration, while 2.11.1 can be applied as-is.
>> >>>>
>> >>>>
>> >>>> On Mon, Dec 13, 2021 at 12:18 PM Stephen Darlington <
>> >>>> stephen.darling...@gridgain.com> wrote:
>> >>>>
>> >>>>> Another workaround appears to be using the
>> >>>>> -Dlog4j2.formatMsgNoLookups=true option. Also, “Java versions greater than
>> >>>>> 6u211, 7u201, 8u191, and 11.0.1 are less affected by this attack vector, at
>> >>>>> least in theory, because the JNDI can't load remote code using LDAP.”
>> >>>>>
>> >>>>> (
>> >>>>> https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/
>> >>>>> )
>> >>>>>
>> >>>>>> On 12 Dec 2021, at 10:56, Dmitriy Pavlov wrote:
>> >>>>>> Hi Igniters,
>> >>>>>>
>> >>>>>> Preliminary: change of the log4j version does not affect any tests
>> >>>>>> (Alexander Nikolaev, correct me if I'm wrong).
>> >>>>>>
>> >>>>>> If you're using embedded Ignite, it's perfectly possible to enforce log4j2
>> >>>>>> dependency to be 2.15.0 in your project final pom.xml or build.gradle or
>> >>>>>> any other build system properties.
>> >>>>>>
>> >>>>>> https://issues.apache.org/jira/browse/IGNITE-16101 ticket seems to be
>> >>>>>> a blocker for 2.12. But for now, as a workaround, it's possible to select
>> >>>>>> the latest version manually.
>> >>>>>>
>> >>>>>> Sincerely,
>> >>>>>> Dmitriy Pavlov
>> >>>>>>
>> >>>>>> Sat, 11 Dec 2021 at 09:47, Nikita Amelchev:
>> >>>>>>> Hello.
>> >>>>>>>
>> >>>>>>> The issue to update dependency was created:
>> >>>>>>> https://issues.apache.org/jira/browse/IGNITE-16101
>> >>>>>>>
>> >>>>>>> I want to include it to the 2.12 scope.
>> >>>>>>>
>> >>>>>>> Sat, 11 Dec 2021, 09:19 Raymond Wilson <raymond_wil...@trimble.com>:
>> >>>>>>>> All
>> >>>>>>>>
>> >>>>>>>> This blew up today: CVE-2021-44228 (
>> >>>>>>>> https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
>> >>>>>>>> )
>> >>>>>>>>
>> >>>>>>>> Will there be a risk assessment with respect to Ignite for this CVE?
>> >>>>>>>> Thanks,
>> >>>>>>>> Raymond.
>> >>>>>>>>
>> >>>>>>>> --
>> >>>>>>>> <http://www.trimble.com/>
>> >>>>>>>> Raymond Wilson
>> >>>>>>>> Trimble Distinguished Engineer, Civil Construction Software (CCS)
>> >>>>>>>> 11 Birmingham Drive | Christchurch, New Zealand
>> >>>>>>>> raymond_wil...@trimble.com
>> >>>>>>>>
>> >>>>>>>> <https://worksos.trimble.com/?utm_source=Trimble_medium=emailsign_campaign=Launch>
>> >>>
>> >>> --
>> >>> Sincerely yours, Ivan Daschinskiy
>>
>


Re: 0-day CVE in log4j

2021-12-20 Thread Vishwas Bm
Hi,

Why is ignite rest module still using old log4j version dependency?

https://github.com/apache/ignite/blob/21f7ca41c4348909e2fd26ccf59b5b2ce1f4474e/modules/log4j/pom.xml#L46

Can this be removed ? There is a critical CVE against this package.

Regards,
Vishwas


On Wed, 15 Dec, 2021, 12:57 Aleksandr Nikolaev wrote:

> Hi folks,
>
> OK, I'm updating log4j version 2.15 to 2.16
>
> https://issues.apache.org/jira/browse/IGNITE-16127
>
>
> On 15.12.2021 09:54, Pavel Tupitsyn wrote:
> > Igniters,
> >
> > Looks like we need to update to 2.16, there is an additional attack vector
> > [1]
> >
> > [1] https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
> >
> > On Mon, Dec 13, 2021 at 4:06 PM Maxim Muzafarov wrote:
> >
> >> Folks,
> >>
> >> Should we describe all the WA available for the issue [1]? There is
> >> already a lot of information about CVE, and nevertheless, it will not
> >> be superfluous.
> >>
> >> [1] https://issues.apache.org/jira/browse/IGNITE-16101
> >>
> >> On Mon, 13 Dec 2021 at 15:37, Ivan Daschinsky wrote:
> >>> Unfortunately, we need to patch our Log4j2 adapter in order to work with
> >>> log4j-2.15
> >>> So there is no choice other than to release 2.11.1
> >>>
> >>> Mon, 13 Dec 2021 at 15:21, Anton Vinogradov:
> >>>
> >>>> Folks,
> >>>>
> >>>> My 200 rubles here,
> >>>>> I want to include it to the 2.12 scope.
> >>>> Why not 2.11.1 as well?
> >>>> We should provide a fixed version for current customers asap.
> >>>> 2.12 require migration, while 2.11.1 can be applied as-is.
> >>>>
> >>>>
> >>>> On Mon, Dec 13, 2021 at 12:18 PM Stephen Darlington <
> >>>> stephen.darling...@gridgain.com> wrote:
> >>>>
> >>>>> Another workaround appears to be using the
> >>>>> -Dlog4j2.formatMsgNoLookups=true option. Also, “Java versions greater than
> >>>>> 6u211, 7u201, 8u191, and 11.0.1 are less affected by this attack vector, at
> >>>>> least in theory, because the JNDI can't load remote code using LDAP.”
> >>>>>
> >>>>> (
> >>>>> https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/
> >>>>> )
> >>>>>
> >>>>>> On 12 Dec 2021, at 10:56, Dmitriy Pavlov wrote:
> >>>>>> Hi Igniters,
> >>>>>>
> >>>>>> Preliminary: change of the log4j version does not affect any tests
> >>>>>> (Alexander Nikolaev, correct me if I'm wrong).
> >>>>>>
> >>>>>> If you're using embedded Ignite, it's perfectly possible to enforce log4j2
> >>>>>> dependency to be 2.15.0 in your project final pom.xml or build.gradle or
> >>>>>> any other build system properties.
> >>>>>>
> >>>>>> https://issues.apache.org/jira/browse/IGNITE-16101 ticket seems to be
> >>>>>> a blocker for 2.12. But for now, as a workaround, it's possible to select
> >>>>>> the latest version manually.
> >>>>>>
> >>>>>> Sincerely,
> >>>>>> Dmitriy Pavlov
> >>>>>>
> >>>>>> Sat, 11 Dec 2021 at 09:47, Nikita Amelchev:
> >>>>>>> Hello.
> >>>>>>>
> >>>>>>> The issue to update dependency was created:
> >>>>>>> https://issues.apache.org/jira/browse/IGNITE-16101
> >>>>>>>
> >>>>>>> I want to include it to the 2.12 scope.
> >>>>>>>
> >>>>>>> Sat, 11 Dec 2021, 09:19 Raymond Wilson <raymond_wil...@trimble.com>:
> >>>>>>>> All
> >>>>>>>>
> >>>>>>>> This blew up today: CVE-2021-44228 (
> >>>>>>>> https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
> >>>>>>>> )
> >>>>>>>>
> >>>>>>>> Will there be a risk assessment with respect to Ignite for this CVE?
> >>>>>>>> Thanks,
> >>>>>>>> Raymond.
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Raymond Wilson
> >>>>>>>> Trimble Distinguished Engineer, Civil Construction Software (CCS)
> >>>>>>>> 11 Birmingham Drive | Christchurch, New Zealand
> >>>>>>>> raymond_wil...@trimble.com
> >>>>>>>>
> >>>>>>>> <https://worksos.trimble.com/?utm_source=Trimble_medium=emailsign_campaign=Launch>
> >>>
> >>> --
> >>> Sincerely yours, Ivan Daschinskiy
>
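
An added example, not part of the thread or of Ignite's code: a check over `mvn dependency:tree` output for the two conditions raised in this thread, a `log4j-core` below 2.16.0 and a remaining Log4j 1.x (`log4j:log4j`) dependency. The sample tree, its module names and versions are constructed, and the function names are this example's own.

```python
import re

# Floor from the thread: the 2.15 upgrade was replaced by 2.16 within days.
# Pass a higher floor when a later Log4j advisory requires one.
MIN_LOG4J2 = (2, 16, 0)

# Constructed sample of `mvn dependency:tree` output; modules and versions
# are illustrative, not taken from an Ignite build.
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ module-a ---
[INFO] com.example:module-a:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.15.0:compile
[INFO] |  \- org.apache.logging.log4j:log4j-api:jar:2.15.0:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.32:compile
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ module-b ---
[INFO] com.example:module-b:jar:1.0.0
[INFO] +- log4j:log4j:jar:1.2.17:compile
[INFO] \- org.apache.logging.log4j:log4j-core:jar:2.16.0:compile
"""

# "[INFO] " + tree drawing ("+- ", "\- ", "|  ") + colon-separated coordinates.
LINE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[|+\\ ]|- )*)"
    r"(?P<coords>[\w.\-]+(?::[\w.\-]+){3,5})(?:\s.*)?$"
)


def version_tuple(version):
    """Numeric prefix of a version: '2.15.0' -> (2, 15, 0), '2.0-beta9' -> (2, 0, 0)."""
    nums = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
        if m.end() != len(piece):  # a qualifier such as "-beta9" ends the numbers
            break
    return tuple(nums + [0] * (3 - len(nums)))


def parse_tree(text):
    """Yield (module, group, artifact, version) for each dependency line."""
    module = None
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # plugin banners, build summary, blank lines
        parts = m.group("coords").split(":")
        if not m.group("indent"):
            module = parts[1]  # root line: group:artifact:type:version
        elif len(parts) >= 5:
            # group:artifact:type[:classifier]:version:scope
            yield module, parts[0], parts[1], parts[-2]


def audit(text, floor=MIN_LOG4J2):
    """Return (module, coordinate, reason) for every Log4j finding."""
    findings = []
    for module, group, artifact, version in parse_tree(text):
        coord = f"{group}:{artifact}:{version}"
        if (group, artifact) == ("log4j", "log4j"):
            # Log4j 1.x artifact, the "old log4j version dependency" in the thread.
            findings.append((module, coord, "log4j-1.x"))
        elif (group, artifact) == ("org.apache.logging.log4j", "log4j-core"):
            if version_tuple(version) < floor:
                findings.append((module, coord, "below-floor"))
    return findings


if __name__ == "__main__":
    for module, coord, reason in audit(SAMPLE_TREE):
        print(f"{module}: {coord} [{reason}]")
```

Feed it the output of `mvn dependency:tree` run at the root of a multi-module build. A clean result covers only dependencies Maven resolves, not jars shaded or copied into a distribution.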


Re: Issue building Ignite 2.10 branch

2021-05-11 Thread Vishwas Bm
Hi Raymond,

This is an issue related to repository configuration in settings.xml.

You can find more information in below thread
http://apache-ignite-developers.2346864.n4.nabble.com/Building-Ignite-with-Adopt-OpenJDK-11-td52389.html#a52391



Regards,
Vishwas

On Wed, 12 May, 2021, 05:17 Raymond Wilson wrote:

> Hi,
>
> I have made a small modification to the ignite-kubernetes module to allow
> specification of a port for the IP finder.
>
> To build Ignite, I am using this comment from DEVNOTES.TXT:
>
> mvn clean install -am -Pall-java,all-scala,licenses -DskipTests
>
> This ultimately fails with the following error:
>
> [ERROR] Failed to execute goal on project ignite-jta: Could not resolve
> dependencies for project org.apache.ignite:ignite-jta:jar:2.10.0: Failed to
> collect dependencies at org.ow2.jotm:jotm-core:jar:2.2.3 ->
> org.ow2.carol:carol:jar:3.0.8 ->
> org.jacorb:jacorb:jar:2.2.3-jonas-patch-20071018: Failed to read artifact
> descriptor for org.jacorb:jacorb:jar:2.2.3-jonas-patch-20071018: Could not
> transfer artifact org.jacorb:jacorb:pom:2.2.3-jonas-patch-20071018 from/to
> maven-default-http-blocker (http://0.0.0.0/): transfer failed for
>
> http://0.0.0.0/org/jacorb/jacorb/2.2.3-jonas-patch-20071018/jacorb-2.2.3-jonas-patch-20071018.pom
> :
> Connect to 0.0.0.0:80 [/0.0.0.0] failed: Connection refused: connect ->
> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e
> switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
>
> http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
> [ERROR]
> [ERROR] After correcting the problems, you can resume the build with the
> command
> [ERROR]   mvn  -rf :ignite-jta
>
> I found some release notes that indicated that Maven (as of 3.8.1) is no
> longer supporting HTTP addresses for dependencies. I downgraded to Maven
> 3.8.0 with no change to the result.
>
> Is there an easy work around for this?
>
> Thanks,
> Raymond.
>
>
> --
> 
> Raymond Wilson
> Trimble Distinguished Engineer, Civil Construction Software (CCS)
> 11 Birmingham Drive | Christchurch, New Zealand
> raymond_wil...@trimble.com
>
> <
> https://worksos.trimble.com/?utm_source=Trimble_medium=emailsign_campaign=Launch
> >
>


Re: Building Ignite with Adopt OpenJDK 11

2021-04-18 Thread Vishwas Bm
Hi Marius,

This is more of a mvn repository issue. The jacorb jar is found at below
link

https://repository.ow2.org/nexus/content/repositories/ow2-legacy/org/jacorb/jacorb/2.2.3-jonas-patch-20071018/

You need to add this repo in your settings.xml file.


Regards,
Vishwas


On Sun, 18 Apr, 2021, 23:51 Marius Filip wrote:

> Hi
>
> I followed the Git Workflow instructions for contributors at the bottom of:
>
> https://cwiki.apache.org/confluence/display/IGNITE/How+to+Contribute
>
> and then the build instructions in DEVNOTES.txt:
>
> mvn clean install -Pall-java,all-scala,licenses -DskipTests
>
> I get the following error:
>
> [ERROR] Failed to execute goal on project ignite-jta: Could not resolve
> dependencies for project org.apache.ignite:ignite-jta:jar:2.11.0-SNAPSHOT:
> Failed to collect dependencies at org.ow2.jotm:jotm-core:jar:2.2.3 ->
> org.ow2.carol:carol:jar:3.0.8 ->
> org.jacorb:jacorb:jar:2.2.3-jonas-patch-20071018: Failed to read artifact
> descriptor for org.jacorb:jacorb:jar:2.2.3-jonas-patch-20071018: Could not
> transfer artifact org.jacorb:jacorb:pom:2.2.3-jonas-patch-20071018 from/to
> maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for
> repositories: [redhat-ga-repository (
> http://maven.repository.redhat.com/ga/,
> default, releases), apache.snapshots (
> http://repository.apache.org/snapshots,
> default, snapshots), ow2-snapshot (
> http://repository.ow2.org/nexus/content/repositories/snapshots, default,
> snapshots), ow2 (http://maven.ow2.org/maven2, default, releases)] -> [Help
> 1]
>
> Is this related to using JDK 11 to build?
>
> If this is a known issue or Java 11 is not supported, any pointer to the
> correct info is much appreciated.
>
> Thanks,
> Marius Filip
>


Re: Hard limit WAL archive size

2021-01-26 Thread Vishwas Bm
Hi,

Is this related to issue seen with
IGNITE-13912 ?

I had hit IGNITE-13912 when I was using ignite 2.9 release.
I am yet to try my use case with the fix provided as part of IGNITE-13912



Regards,
Vishwas

On Tue, 26 Jan, 2021, 21:18 ткаленко кирилл wrote:

> Hello, everyone!
>
> Currently, property DataStorageConfiguration#maxWalArchiveSize is not
> working as expected by users. We can easily go beyond this limit and
> overflow the disk, which will lead to errors and a crash of the node. I
> propose to fix this behavior and not let WAL archive overflow.
>
> It is suggested not to add segments to the archive if we can exceed the
> DataStorageConfiguration#maxWalArchiveSize and wait until space becomes
> available for this.
>
> Thus, we may have a deadlock:
> Get checkpointReadLock -> write to WAL -> need to rollover WAL segment ->
> need to clean WAL archive -> need to complete checkpoint (impossible
> because of checkpointReadLock taken).
>
> To avoid such situations, I suggest adding a custom heuristic - do not
> give an IgniteCacheDatabaseSharedManager#checkpointReadLock if there are few
> (default 1) segments left.
> But this will not allow us to completely avoid archive overflow
> situations. Therefore, I suggest failing the node by FH when a deadlock is
> detected, since it could be the same if there was no disk space left.
>


Re: Issue with custom security plugin and thin clients

2020-12-18 Thread Vishwas Bm
Hi Denis,

Thanks for the feedback.

I had also put a comment in one of your PRs regarding iep-41.
https://github.com/apache/ignite/pull/8038#issuecomment-742230009


It will be great if you can provide input on this.


Regards,
Vishwas

On Fri, 18 Dec, 2020, 21:39 Denis Garus wrote:

> Hi!
> I don't understand why you do something related to thin clients inside
> onDisconnected method?
> The rest looks good to me.
>
> Wed, 9 Dec 2020 at 17:00, vbm:
>
> > Hi Denis,
> >
> > Any thoughts on the approach mentioned above ?
> >
> >
> > Regards,
> > Vishwas
> >
> >
> >
> > --
> > Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/
> >
>


Re: Query on ignite-kafka artifact (ignite-kafka-ext)

2020-12-18 Thread Vishwas Bm
Hi Denis,

Thanks for the reply.
I will try to use the version of kafka-ext available in mvn repository with
ignite master branch code.


Regards,
Vishwas

On Sat, 19 Dec, 2020, 01:48 Denis Magda wrote:

> Hi Vishwas,
>
> Kafka and all other extensions are being moved to that separate repository
> and will be released independently. We'll update and release new versions
> of extensions whenever is needed. In the meantime, the Kafka extension
> should be compatible with all Ignite versions. So, just update your Maven
> XML:
>
> https://ignite.apache.org/docs/latest/extensions-and-integrations/streaming/kafka-streamer#streaming-data-with-ignite-kafka-streamer-module
>
> -
> Denis
>
>
> On Thu, Dec 17, 2020 at 9:18 PM vbm wrote:
>
> > Hi,
> >
> > I had posted this question in user list, posting it here again.
> >
> > In 2.9.0 release of Ignite, ignite-kafka module was part of the ignite git.
> > Now when I check in master branch kafka module is not present, it has been
> > moved to https://github.com/apache/ignite-extensions
> >
> > Also in maven repository I see there is new artifact corresponding to
> > ignite-extensions for kafka.
> > <dependency>
> >   <groupId>org.apache.ignite</groupId>
> >   <artifactId>ignite-kafka-ext</artifactId>
> >   <version>1.0.0</version>
> > </dependency>
> >
> > To which version of ignite is this compatible ? Can this be used with
> > ignite 2.10.0 master branch ?
> > When will the next release of ignite-kafka-ext be done ? Will it be done
> > along with ignite release ?
> >
> >
> > Regards,
> > Vishwas
> >
> >
> >
> > --
> > Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/
> >
>


Re: Issue with custom security plugin and thin clients

2020-12-07 Thread Vishwas Bm
Hi Denis,

Thanks for the suggestion.

I was trying to implement the approach of using the cache to store the thin
clients security context.

Below is the approach, I wanted to follow:
1) Add the thin client secCtx to cache during authentication time.
2) Retrieve the thin client secCtx using subjId in the new method to be
overridden, the GridSecurityProcessor.securityContext(UUID subjId) method.
3) Remove the entry from the cache during the onSessionExpired method call.
4) Remove the entry from the cache during the onDisconnected() method call.

** I am not sure if I have to handle anything extra for onReconnected(),
as I see again the authenticate method gets called.

Can you please let me know if the above steps are OK or do I need to handle
any other case ?


*Thanks & Regards,*

*Vishwas *

On Mon, Nov 30, 2020 at 2:11 PM Denis Garus wrote:

> Hi!
>
> Node attributes can't be used to spread a thin client's security context.
> For this purpose, you can use a cache of Ignite, a third-party database,
> or other tools appropriate to your case.
>
> Sat, 28 Nov 2020 at 06:16, Vishwas Bm:
>
> > Hi Denis,
> >
> >
> > Thanks for the reply.
> > Yes I was looking for a way to spread the security context to all cluster
> > nodes when a thin client(sqlline) gets authenticated.
> > I tried to see if I can use node attributes or user attributes to pass the
> > information to other nodes. When a cluster of ignite server is already
> > formed, this will not help as attributes will not be available on remote
> > nodes.
> >
> > The node attributes cannot be changed at run time and the attributes will
> > be available to remote nodes only when they join the cluster.
> >
> > So I wanted to know, if there is any other way to do this ?
> > I checked your poc PR for reference,
> > https://github.com/apache/ignite/pull/7375
> >
> > In thin client case authenticate node will not be called but authenticate
> > method is getting called.
> >
> >
> > Regards,
> > Vishwas
> >
> >
> > On Fri, 27 Nov, 2020, 14:29 Denis Garus wrote:
> >
> > > Hello!
> > >
> > >
> > > If I understood your problem correctly, you need to make a thin client's
> > > security context allowed on a remote node.
> > >
> > > When a security plugin does authenticate a thin client, it should spread
> > > the thin client's security context on the cluster.
> > >
> > > How a security context will be transmitted to a remote node is up to the
> > > plugin's developers.
> > >
> > > Also, you have to implement the GridSecurityProcessor.securityContext(UUID
> > > subjId) method,
> > >
> > > the way this method is used in Ignite can be seen in the task description [1].
> > >
> > > 1. https://issues.apache.org/jira/browse/IGNITE-12759
> > >
> > >
> > > Thu, 26 Nov 2020 at 10:01, Vishwas Bm:
> > >
> > > > Hi,
> > > >
> > > > I was facing an issue with a custom security plugin and thin remote client.
> > > > I am using Ignite 2.9.0 version and I am hitting below issue
> > > >
> > > > https://cwiki.apache.org/confluence/display/IGNITE/IEP-41%3A+Security+Context+of+thin+client+on+remote+nodes
> > > >
> > > >
> > > > I had asked the question in the user listing but unfortunately I did not
> > > > get any reply.
> > > > So I am posting this question here:
> > > >
> > > > http://apache-ignite-users.70518.x6.nabble.com/Query-on-implementing-GridSecurityProcessor-td34672.html
> > > >
> > > >
> > > > *Thanks & Regards,*
> > > >
> > > > *Vishwas *
> > > >
> > >
> >
>


Re: Issue with custom security plugin and thin clients

2020-11-27 Thread Vishwas Bm
Hi Denis,


Thanks for the reply.
Yes I was looking for a way to spread the security context to all cluster
nodes when a thin client(sqlline) gets authenticated.
I tried to see if I can use node attributes or user attributes to pass the
information to other nodes. When a cluster of ignite server is already
formed, this will not help as attributes will not be available on remote
nodes.

The node attributes cannot be changed at run time and the attributes will
be available to remote nodes only when they join the cluster.

So I wanted to know, if there is any other way to do this ?
I checked your poc PR for reference,
https://github.com/apache/ignite/pull/7375

In thin client case authenticate node will not be called but authenticate
method is getting called.


Regards,
Vishwas


On Fri, 27 Nov, 2020, 14:29 Denis Garus wrote:

> Hello!
>
>
> If I understood your problem correctly, you need to make a thin client's
> security context allowed on a remote node.
>
> When a security plugin does authenticate a thin client, it should spread
> the thin client's security context on the cluster.
>
> How a security context will be transmitted to a remote node is up to the
> plugin's developers.
>
> Also, you have to implement the GridSecurityProcessor.securityContext(UUID
> subjId) method,
>
> the way this method is used in Ignite can be seen in the task description [1].
>
> 1. https://issues.apache.org/jira/browse/IGNITE-12759
>
>
> Thu, 26 Nov 2020 at 10:01, Vishwas Bm:
>
> > Hi,
> >
> > I was facing an issue with a custom security plugin and thin remote client.
> > I am using Ignite 2.9.0 version and I am hitting below issue
> >
> > https://cwiki.apache.org/confluence/display/IGNITE/IEP-41%3A+Security+Context+of+thin+client+on+remote+nodes
> >
> >
> > I had asked the question in the user listing but unfortunately I did not
> > get any reply.
> > So I am posting this question here:
> >
> > http://apache-ignite-users.70518.x6.nabble.com/Query-on-implementing-GridSecurityProcessor-td34672.html
> >
> >
> > *Thanks & Regards,*
> >
> > *Vishwas *
> >
>


Fwd: Issue with custom security plugin and thin clients

2020-11-25 Thread Vishwas Bm
Hi,

I was facing an issue with a custom security plugin and thin remote client.
I am using Ignite 2.9.0 version and I am hitting below issue
https://cwiki.apache.org/confluence/display/IGNITE/IEP-41%3A+Security+Context+of+thin+client+on+remote+nodes


I had asked the question in the user listing but unfortunately I did not
get any reply.
So I am posting this question here:

http://apache-ignite-users.70518.x6.nabble.com/Query-on-implementing-GridSecurityProcessor-td34672.html


*Thanks & Regards,*

*Vishwas *