subject:"\[jira\] \[Commented\] \(IGNITE\-15101\) Ignite tasks run in a security context other than the initiator's security context"

[jira] [Commented] (IGNITE-15101) Ignite tasks run in a security context other than the initiator's security context

2021-07-30 Thread Mikhail Petrov (Jira)



[ 
https://issues.apache.org/jira/browse/IGNITE-15101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17390391#comment-17390391
 ] 

Mikhail Petrov commented on IGNITE-15101:
-

[~alex_pl], Thanks a lot for the review!

>  Ignite tasks run in a security context other than the initiator's security 
> context
> ---
>
> Key: IGNITE-15101
> URL: https://issues.apache.org/jira/browse/IGNITE-15101
> Project: Ignite
>  Issue Type: Improvement
>Reporter: Mikhail Petrov
>Assignee: Mikhail Petrov
>Priority: Major
> Fix For: 2.12
>
>  Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Ignite tasks run in a security context other than the initiator's security 
> context.
> Reproducer:
> 1. Make TestSecurityProcessor#authenticatedSubjects to return 
> TestSecurityProcessor#SECURITY_CONTEXTS values to determine client subject id 
> after authentication like:
> {code:java}
> return 
> SECURITY_CONTEXTS.values().stream().map(SecurityContext::subject).collect(Collectors.toList());
> {code}
> 2.
> {code:java}
> public class TaskSecurityContextTest extends AbstractSecurityTest {
> /** */
> private static final String TASK_NAME = 
> "org.apache.ignite.internal.processors.security.events.TaskSecurityContextTest$TestComputeTask";
> /** {@inheritDoc} */
> @Override protected IgniteConfiguration getConfiguration(String 
> igniteInstanceName) throws Exception {
> return super.getConfiguration(igniteInstanceName)
> .setClientConnectorConfiguration(
> new ClientConnectorConfiguration().setThinClientConfiguration(
> new 
> ThinClientConfiguration().setMaxActiveComputeTasksPerConnection(1)));
> }
> /** */
> @Test
> public void test() throws Exception {
> IgniteEx ignite = startGridAllowAll("srv");
> String login = "test";
> IgniteClient cli = Ignition.startClient(new ClientConfiguration()
> .setAddresses(Config.SERVER)
> .setUserName(login)
> .setUserPassword("")
> );
> UUID subjId = 
> ignite.context().security().authenticatedSubjects().stream()
> .filter(subj -> subj.login().equals(login))
> .findFirst()
> .get()
> .id();
> cli.compute().execute(TASK_NAME, subjId);
> }
> /** Test compute task. */
> public static class TestComputeTask extends ComputeTaskAdapter Void> {
> /** {@inheritDoc} */
> @Override public @NotNull Map map(
> List subgrid,
> @Nullable UUID secSubjId
> ) throws IgniteException {
> return F.asMap(new ComputeJob() {
> /** */
> @IgniteInstanceResource
> private IgniteEx ignite;
> @Override public void cancel() {
> // No-op.
> }
> @Override public Object execute() throws IgniteException {
> assertEquals(secSubjId, 
> ignite.context().security().securityContext().subject().id());
> return null;
> }
> }, subgrid.get(0));
> }
> /** {@inheritDoc} */
> @Override public @Nullable Void reduce(List 
> results) throws IgniteException {
> return null;
> }
> }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (IGNITE-15101) Ignite tasks run in a security context other than the initiator's security context

2021-07-29 Thread Ignite TC Bot (Jira)



[ 
https://issues.apache.org/jira/browse/IGNITE-15101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17390150#comment-17390150
 ] 

Ignite TC Bot commented on IGNITE-15101:


{panel:title=Branch: [pull/9263/head] Base: [master] : No blockers 
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
{panel:title=Branch: [pull/9263/head] Base: [master] : New Tests 
(36)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}
{color:#8b}Java Client{color} [[tests 
36|https://ci.ignite.apache.org/viewLog.html?buildId=6108778]]
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testClientNode[async=false 
failWithTimeout=false mapAsync=false] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testGridClient[async=false 
failWithTimeout=false mapAsync=false] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testIgniteClient[async=true 
failWithTimeout=false mapAsync=true] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testServerNode[async=true 
failWithTimeout=false mapAsync=true] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testRestClient[async=true 
failWithTimeout=false mapAsync=true] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testClientNode[async=true 
failWithTimeout=false mapAsync=true] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testServerNode[async=true 
failWithTimeout=true mapAsync=false] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testRestClient[async=true 
failWithTimeout=true mapAsync=false] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testClientNode[async=true 
failWithTimeout=true mapAsync=false] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testClientNode[async=true 
failWithTimeout=false mapAsync=false] - PASSED{color}
* {color:#013220}IgniteClientTestSuite: 
ComputeTaskRemoteSecurityContextTest.testGridClient[async=true 
failWithTimeout=false mapAsync=false] - PASSED{color}
... and 25 new tests

{panel}
[TeamCity *-- Run :: All* 
Results|https://ci.ignite.apache.org/viewLog.html?buildId=6108860buildTypeId=IgniteTests24Java8_RunAll]

>  Ignite tasks run in a security context other than the initiator's security 
> context
> ---
>
> Key: IGNITE-15101
> URL: https://issues.apache.org/jira/browse/IGNITE-15101
> Project: Ignite
>  Issue Type: Improvement
>Reporter: Mikhail Petrov
>Assignee: Mikhail Petrov
>Priority: Major
>  Time Spent: 1h
>  Remaining Estimate: 0h
>
> Ignite tasks run in a security context other than the initiator's security 
> context.
> Reproducer:
> 1. Make TestSecurityProcessor#authenticatedSubjects to return 
> TestSecurityProcessor#SECURITY_CONTEXTS values to determine client subject id 
> after authentication like:
> {code:java}
> return 
> SECURITY_CONTEXTS.values().stream().map(SecurityContext::subject).collect(Collectors.toList());
> {code}
> 2.
> {code:java}
> public class TaskSecurityContextTest extends AbstractSecurityTest {
> /** */
> private static final String TASK_NAME = 
> "org.apache.ignite.internal.processors.security.events.TaskSecurityContextTest$TestComputeTask";
> /** {@inheritDoc} */
> @Override protected IgniteConfiguration getConfiguration(String 
> igniteInstanceName) throws Exception {
> return super.getConfiguration(igniteInstanceName)
> .setClientConnectorConfiguration(
> new ClientConnectorConfiguration().setThinClientConfiguration(
> new 
> ThinClientConfiguration().setMaxActiveComputeTasksPerConnection(1)));
> }
> /** */
> @Test
> public void test() throws Exception {
> IgniteEx ignite = startGridAllowAll("srv");
> String login = "test";
> IgniteClient cli = Ignition.startClient(new ClientConfiguration()
> .setAddresses(Config.SERVER)
> .setUserName(login)
> .setUserPassword("")
> );
> UUID subjId = 
> ignite.context().security().authenticatedSubjects().stream()
> .filter(subj -> subj.login().equals(login))
> .findFirst()
> .get()
> .id();
> cli.compute().execute(TASK_NAME, subjId);
> }
> /** Test compute task. */
> public static class TestComputeTask extends ComputeTaskAdapter Void> {
> /** {@inheritDoc} */
> @Override public @NotNull Map map(
> List subgrid,
> @Nullable

[jira] [Commented] (IGNITE-15101) Ignite tasks run in a security context other than the initiator's security context

[jira] [Commented] (IGNITE-15101) Ignite tasks run in a security context other than the initiator's security context

2 matches

Site Navigation

Mail list logo

Footer information