Re: JDBC thin client incorrect security context
Is there anything I can do to associate the cacheevent with the logged in jdbc client(DBEAVER user) (Can I do something in any of the methods of the Security Plugin ) . -- Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/
Re: JDBC thin client incorrect security context
Another thing I noticed is that during a update through jdbc client, there could be 2 kinds of threads acting on it. The 'client-connector' thread and the 'sys-stripe'. If the client-connector thread completes the transaction and calls the record, it is able to send a 'cache_put' event with the uuid of the person logged in to through the jdbc thin client . Whereas if the 'sys-stripe' thread completes the transaction, it sends the 'cache_put' event with the node uuid. Is there anyway I can get the session id of the associated jdbc session in the SecurityPlugin and the Audit plugin so that I can link the right UUID ( i.e. the UUID of the logged in jdbc thin client user ). -- Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/
Re: JDBC thin client incorrect security context
Hi! That is a known issue [1]. > is there any workaround to get this information? I think, unfortunately, no. 1. https://issues.apache.org/jira/browse/IGNITE-12589 пн, 17 февр. 2020 г. в 10:02, VeenaMithare : > Hi , > > Hi , > > We have built a security and audit plugin for security of our ignite > cluster. We are unable to get the right audit information i.e. we are > unable > to get the right subject for users logged in through dbeaver ( jdbc thin > client. ). This is because the subjectid associated with the "CACHE_PUT" > event when an update is triggered by the jdbc thin client, contains the > uuid > of the node that executed the update rather than the logged in jdbc thin > client user. > > If this is a limitation with the current version of ignite, is there any > workaround to get this information ? > > This was discussed in the 'Ignite users' group > > http://apache-ignite-users.70518.x6.nabble.com/JDBC-thin-client-incorrect-security-context-td31354.html > > And I was advised to continue my conversation here. > > Andrei mentions that the uuid associated with the event should be that of > the jdbc client( in our case the logged in dbeaver user ). But I notice > that > the event always contains the uuid of the node where the query gets > executed > . > > I do manage to get the right jdbc client from the authenticationcontext in > the authorize and form the right securitycontext. But this doesnt reflect > in > the generated cacheevent. > > Kindly guide. > regards, > Veena. > > > > -- > Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/ >
JDBC thin client incorrect security context
Hi , Hi , We have built a security and audit plugin for security of our ignite cluster. We are unable to get the right audit information i.e. we are unable to get the right subject for users logged in through dbeaver ( jdbc thin client. ). This is because the subjectid associated with the "CACHE_PUT" event when an update is triggered by the jdbc thin client, contains the uuid of the node that executed the update rather than the logged in jdbc thin client user. If this is a limitation with the current version of ignite, is there any workaround to get this information ? This was discussed in the 'Ignite users' group http://apache-ignite-users.70518.x6.nabble.com/JDBC-thin-client-incorrect-security-context-td31354.html And I was advised to continue my conversation here. Andrei mentions that the uuid associated with the event should be that of the jdbc client( in our case the logged in dbeaver user ). But I notice that the event always contains the uuid of the node where the query gets executed . I do manage to get the right jdbc client from the authenticationcontext in the authorize and form the right securitycontext. But this doesnt reflect in the generated cacheevent. Kindly guide. regards, Veena. -- Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/
