[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[
https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vyacheslav Koptilin updated IGNITE-13112:
-
Reviewer: (was: Slava Koptilin)
> The current security context should be obtained using the IgniteSecurity
> interface only.
>
>
> Key: IGNITE-13112
> URL: https://issues.apache.org/jira/browse/IGNITE-13112
> Project: Ignite
> Issue Type: Bug
> Components: cache, security
>Affects Versions: 2.8.1
>Reporter: Denis Garus
>Assignee: Denis Garus
>Priority: Major
> Labels: iep-41
> Time Spent: 7h
> Remaining Estimate: 0h
>
> For getting the current security context, we have to use the IgniteSecurity
> interface only.
> We need to get rid of all other ways to transfer a security subject id.
> h4. Suggested implementation
> If Ignite Security (IS) is enabled, then executors, accessed through the
> {{PoolProcessor}}, are wrapped to a security-aware implementation.
> Security-aware implementation sets proper security context for tasks that the
> executor performs.
> The field subject id was deleted from communication requests for cache and
> compute operations; a remote node gets the subject id that initiates the
> ignite operation from {{GridIoSecurityAwareMessage}}. {{IgniteSecurity}} uses
> this id to set a proper security context during the execution of the request.
> Remove {{GridTaskThreadContextKey#TC_SUBJ_ID}},
> {{GridCacheContext#subjectIdPerCall}}; a consumer has to obtain a current
> security subject id through {{IgniteSecurity}} or the set of
> {{SecurityUtils}} methods.
> For all events that include the subject id field, are set the following rule.
> If IS is enabled, this field must contain a subject id that initiates an
> ignite operation, otherwise null.
> Implement {{SecurityAwareCustomMessageWrapper}} for discovery requests that
> act as {{GridIoSecurityAwareMessage}} for communication requests. It allows
> setting proper context during the discovery message execution.
> Implement {{SecurityAwareGridRestCommandHandler}} to allow
> {{GridRestProcessor}} to execute all client requests with the proper security
> context.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[
https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stepachev Maksim updated IGNITE-13112:
--
Reviewer: Slava Koptilin (was: Stepachev Maksim)
> The current security context should be obtained using the IgniteSecurity
> interface only.
>
>
> Key: IGNITE-13112
> URL: https://issues.apache.org/jira/browse/IGNITE-13112
> Project: Ignite
> Issue Type: Bug
> Components: cache, security
>Affects Versions: 2.8.1
>Reporter: Denis Garus
>Assignee: Denis Garus
>Priority: Major
> Labels: iep-41
> Time Spent: 7h
> Remaining Estimate: 0h
>
> For getting the current security context, we have to use the IgniteSecurity
> interface only.
> We need to get rid of all other ways to transfer a security subject id.
> h4. Suggested implementation
> If Ignite Security (IS) is enabled, then executors, accessed through the
> {{PoolProcessor}}, are wrapped to a security-aware implementation.
> Security-aware implementation sets proper security context for tasks that the
> executor performs.
> The field subject id was deleted from communication requests for cache and
> compute operations; a remote node gets the subject id that initiates the
> ignite operation from {{GridIoSecurityAwareMessage}}. {{IgniteSecurity}} uses
> this id to set a proper security context during the execution of the request.
> Remove {{GridTaskThreadContextKey#TC_SUBJ_ID}},
> {{GridCacheContext#subjectIdPerCall}}; a consumer has to obtain a current
> security subject id through {{IgniteSecurity}} or the set of
> {{SecurityUtils}} methods.
> For all events that include the subject id field, are set the following rule.
> If IS is enabled, this field must contain a subject id that initiates an
> ignite operation, otherwise null.
> Implement {{SecurityAwareCustomMessageWrapper}} for discovery requests that
> act as {{GridIoSecurityAwareMessage}} for communication requests. It allows
> setting proper context during the discovery message execution.
> Implement {{SecurityAwareGridRestCommandHandler}} to allow
> {{GridRestProcessor}} to execute all client requests with the proper security
> context.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[
https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stepachev Maksim updated IGNITE-13112:
--
Reviewer: Stepachev Maksim
> The current security context should be obtained using the IgniteSecurity
> interface only.
>
>
> Key: IGNITE-13112
> URL: https://issues.apache.org/jira/browse/IGNITE-13112
> Project: Ignite
> Issue Type: Bug
> Components: cache, security
>Affects Versions: 2.8.1
>Reporter: Denis Garus
>Assignee: Denis Garus
>Priority: Major
> Labels: iep-41
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> For getting the current security context, we have to use the IgniteSecurity
> interface only.
> We need to get rid of all other ways to transfer a security subject id.
> h4. Suggested implementation
> If Ignite Security (IS) is enabled, then executors, accessed through the
> {{PoolProcessor}}, are wrapped to a security-aware implementation.
> Security-aware implementation sets proper security context for tasks that the
> executor performs.
> The field subject id was deleted from communication requests for cache and
> compute operations; a remote node gets the subject id that initiates the
> ignite operation from {{GridIoSecurityAwareMessage}}. {{IgniteSecurity}} uses
> this id to set a proper security context during the execution of the request.
> Remove {{GridTaskThreadContextKey#TC_SUBJ_ID}},
> {{GridCacheContext#subjectIdPerCall}}; a consumer has to obtain a current
> security subject id through {{IgniteSecurity}} or the set of
> {{SecurityUtils}} methods.
> For all events that include the subject id field, are set the following rule.
> If IS is enabled, this field must contain a subject id that initiates an
> ignite operation, otherwise null.
> Implement {{SecurityAwareCustomMessageWrapper}} for discovery requests that
> act as {{GridIoSecurityAwareMessage}} for communication requests. It allows
> setting proper context during the discovery message execution.
> Implement {{SecurityAwareGridRestCommandHandler}} to allow
> {{GridRestProcessor}} to execute all client requests with the proper security
> context.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[
https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nikolay Izhikov updated IGNITE-13112:
-
Description:
For getting the current security context, we have to use the IgniteSecurity
interface only.
We need to get rid of all other ways to transfer a security subject id.
h4. Suggested implementation
If Ignite Security (IS) is enabled, then executors, accessed through the
{{PoolProcessor}}, are wrapped to a security-aware implementation.
Security-aware implementation sets proper security context for tasks that the
executor performs.
The field subject id was deleted from communication requests for cache and
compute operations; a remote node gets the subject id that initiates the ignite
operation from {{GridIoSecurityAwareMessage}}. {{IgniteSecurity}} uses this id
to set a proper security context during the execution of the request.
Remove {{GridTaskThreadContextKey#TC_SUBJ_ID}},
{{GridCacheContext#subjectIdPerCall}}; a consumer has to obtain a current
security subject id through {{IgniteSecurity}} or the set of {{SecurityUtils}}
methods.
For all events that include the subject id field, are set the following rule.
If IS is enabled, this field must contain a subject id that initiates an ignite
operation, otherwise null.
Implement {{SecurityAwareCustomMessageWrapper}} for discovery requests that act
as {{GridIoSecurityAwareMessage}} for communication requests. It allows setting
proper context during the discovery message execution.
Implement {{SecurityAwareGridRestCommandHandler}} to allow
{{GridRestProcessor}} to execute all client requests with the proper security
context.
was:
For getting the current security context, we have to use the IgniteSecurity
interface only.
We need to get rid of all other ways to transfer a security subject id.
h4. Suggested implementation
If Ignite Security (IS) is enabled, then executors, accessed through the
PoolProcessor, are wrapped to a security-aware implementation. Security-aware
implementation sets proper security context for tasks that the executor
performs.
The field subject id was deleted from communication requests for cache and
compute operations; a remote node gets the subject id that initiates the ignite
operation from GridIoSecurityAwareMessage. IgniteSecurity uses this id to set a
proper security context during the execution of the request.
Remove GridTaskThreadContextKey#TC_SUBJ_ID, GridCacheContext#subjectIdPerCall;
a consumer has to obtain a current security subject id through IgniteSecurity
or the set of SecurityUtils methods.
For all events that include the subject id field, are set the following rule.
If IS is enabled, this field must contain a subject id that initiates an ignite
operation, otherwise null.
Implement SecurityAwareCustomMessageWrapper for discovery requests that act as
GridIoSecurityAwareMessage for communication requests. It allows setting proper
context during the discovery message execution.
Implement SecurityAwareGridRestCommandHandler to allow GridRestProcessor to
execute all client requests with the proper security context.
> The current security context should be obtained using the IgniteSecurity
> interface only.
>
>
> Key: IGNITE-13112
> URL: https://issues.apache.org/jira/browse/IGNITE-13112
> Project: Ignite
> Issue Type: Bug
> Components: cache, security
>Affects Versions: 2.8.1
>Reporter: Denis Garus
>Assignee: Denis Garus
>Priority: Major
> Labels: iep-41
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> For getting the current security context, we have to use the IgniteSecurity
> interface only.
> We need to get rid of all other ways to transfer a security subject id.
> h4. Suggested implementation
> If Ignite Security (IS) is enabled, then executors, accessed through the
> {{PoolProcessor}}, are wrapped to a security-aware implementation.
> Security-aware implementation sets proper security context for tasks that the
> executor performs.
> The field subject id was deleted from communication requests for cache and
> compute operations; a remote node gets the subject id that initiates the
> ignite operation from {{GridIoSecurityAwareMessage}}. {{IgniteSecurity}} uses
> this id to set a proper security context during the execution of the request.
> Remove {{GridTaskThreadContextKey#TC_SUBJ_ID}},
> {{GridCacheContext#subjectIdPerCall}}; a consumer has to obtain a current
> security subject id through {{IgniteSecurity}} or the set of
> {{SecurityUtils}} methods.
> For all events that include the subject id field, are set the following rule.
> If IS is enabled, this field must contain a subject id that initiates an
> ignite operation,
[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[ https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Denis Garus updated IGNITE-13112: - Description: For getting the current security context, we have to use the IgniteSecurity interface only. We need to get rid of all other ways to transfer a security subject id. h4. Suggested implementation If Ignite Security (IS) is enabled, then executors, accessed through the PoolProcessor, are wrapped to a security-aware implementation. Security-aware implementation sets proper security context for tasks that the executor performs. The field subject id was deleted from communication requests for cache and compute operations; a remote node gets the subject id that initiates the ignite operation from GridIoSecurityAwareMessage. IgniteSecurity uses this id to set a proper security context during the execution of the request. Remove GridTaskThreadContextKey#TC_SUBJ_ID, GridCacheContext#subjectIdPerCall; a consumer has to obtain a current security subject id through IgniteSecurity or the set of SecurityUtils methods. For all events that include the subject id field, are set the following rule. If IS is enabled, this field must contain a subject id that initiates an ignite operation, otherwise null. Implement SecurityAwareCustomMessageWrapper for discovery requests that act as GridIoSecurityAwareMessage for communication requests. It allows setting proper context during the discovery message execution. Implement SecurityAwareGridRestCommandHandler to allow GridRestProcessor to execute all client requests with the proper security context. was: For getting the current security context, we have to use the IgniteSecurity interface only. We need to get rid of all other ways to transfer a security subject id. > The current security context should be obtained using the IgniteSecurity > interface only. > > > Key: IGNITE-13112 > URL: https://issues.apache.org/jira/browse/IGNITE-13112 > Project: Ignite > Issue Type: Bug > Components: cache, security >Affects Versions: 2.8.1 >Reporter: Denis Garus >Assignee: Denis Garus >Priority: Major > Labels: iep-41 > Time Spent: 4h 50m > Remaining Estimate: 0h > > For getting the current security context, we have to use the IgniteSecurity > interface only. > We need to get rid of all other ways to transfer a security subject id. > h4. Suggested implementation > If Ignite Security (IS) is enabled, then executors, accessed through the > PoolProcessor, are wrapped to a security-aware implementation. Security-aware > implementation sets proper security context for tasks that the executor > performs. > The field subject id was deleted from communication requests for cache and > compute operations; a remote node gets the subject id that initiates the > ignite operation from GridIoSecurityAwareMessage. IgniteSecurity uses this id > to set a proper security context during the execution of the request. > Remove GridTaskThreadContextKey#TC_SUBJ_ID, > GridCacheContext#subjectIdPerCall; a consumer has to obtain a current > security subject id through IgniteSecurity or the set of SecurityUtils > methods. > For all events that include the subject id field, are set the following rule. > If IS is enabled, this field must contain a subject id that initiates an > ignite operation, otherwise null. > Implement SecurityAwareCustomMessageWrapper for discovery requests that act > as GridIoSecurityAwareMessage for communication requests. It allows setting > proper context during the discovery message execution. > Implement SecurityAwareGridRestCommandHandler to allow GridRestProcessor to > execute all client requests with the proper security context. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[ https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Maxim Muzafarov updated IGNITE-13112: - Fix Version/s: (was: 2.10) > The current security context should be obtained using the IgniteSecurity > interface only. > > > Key: IGNITE-13112 > URL: https://issues.apache.org/jira/browse/IGNITE-13112 > Project: Ignite > Issue Type: Bug > Components: cache, security >Affects Versions: 2.8.1 >Reporter: Denis Garus >Assignee: Denis Garus >Priority: Major > Labels: iep-41 > Time Spent: 4h 50m > Remaining Estimate: 0h > > For getting the current security context, we have to use the IgniteSecurity > interface only. > We need to get rid of all other ways to transfer a security subject id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[ https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Maxim Muzafarov updated IGNITE-13112: - Fix Version/s: 2.10 > The current security context should be obtained using the IgniteSecurity > interface only. > > > Key: IGNITE-13112 > URL: https://issues.apache.org/jira/browse/IGNITE-13112 > Project: Ignite > Issue Type: Bug > Components: cache, security >Affects Versions: 2.8.1 >Reporter: Denis Garus >Assignee: Denis Garus >Priority: Major > Labels: iep-41 > Fix For: 2.10 > > Time Spent: 4h 40m > Remaining Estimate: 0h > > For getting the current security context, we have to use the IgniteSecurity > interface only. > We need to get rid of all other ways to transfer a security subject id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (IGNITE-13112) The current security context should be obtained using the IgniteSecurity interface only.
[ https://issues.apache.org/jira/browse/IGNITE-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Denis Garus updated IGNITE-13112: - Summary: The current security context should be obtained using the IgniteSecurity interface only. (was: CacheEvent#subjectId is always null for cache events with types EVT_CACHE_STARTED and EVT_CACHE_STOPPED) > The current security context should be obtained using the IgniteSecurity > interface only. > > > Key: IGNITE-13112 > URL: https://issues.apache.org/jira/browse/IGNITE-13112 > Project: Ignite > Issue Type: Bug > Components: cache, security >Affects Versions: 2.8.1 >Reporter: Denis Garus >Assignee: Denis Garus >Priority: Major > Labels: iep-41 > Time Spent: 4h 40m > Remaining Estimate: 0h > > For getting the current security context, we have to use the IgniteSecurity > interface only. > We need to get rid of all other ways to transfer a security subject id. -- This message was sent by Atlassian Jira (v8.3.4#803005)
