There is the #ignite-security Slack channel; we can use it for discussion.
вт, 1 окт. 2019 г. в 09:14, Anton Vinogradov :
> Folks,
>
> Could you please create a slack channel to discuss this in an effective
> way?
>
> On Mon, Sep 30, 2019 at 5:36 PM Denis Garus wrote:
>
> > >>As a result, you
Folks,
Could you please create a slack channel to discuss this in an effective way?
On Mon, Sep 30, 2019 at 5:36 PM Denis Garus wrote:
> >>As a result, you can't load security on demand.
>
> Why?
> What is the difference between sending SecurityContext with every job's
> request and sending
I suppose that code works only with requests are made from
GridRestProcessor (It isn't a client, I call it like a fake client). As a
result, you can't load security on demand. If you want to do it, you
should transmit HTTP session and backward address of a node which
received REST request.
пн, 30
I finished with fixes: https://issues.apache.org/jira/browse/IGNITE-11992
>> Subject's size is unlimited, that can lead to a dramatic increase in
traffic between nodes.
I added network optimization for this case. I add a subject in the case
when ctx.discovery().node(secSubjId) == null.
>> Also,
Hello, Maksim!
Thank you for your effort and interest in the security of Ignite.
I would like you to pay attention to the discussion [1] and issue [2].
It looks like not only task should execute in the current security context
but all operations too, that is essential to determine a security id
Maksim
>> I want to fix 2-3-4 points under one ticket.
Please let me know once it's become ready to be reviewed.
On Thu, Sep 26, 2019 at 5:18 PM Maksim Stepachev
wrote:
> Hi.
>
> Anton Vinogradov,
>
> I want to fix 2-3-4 points under one ticket.
>
> The first was fixed in the ticket:
>
Maksim,
Could you please split IGNITE-11992 to subtasks with proper descriptions?
This will allow us to relocate discussion to the issues to solve each
problem properly.
On Thu, Jul 18, 2019 at 11:57 AM Denis Garus wrote:
> Hello, Maksim!
> Thanks for your analysis!
>
> I have a few questions
Hello, Maksim!
Thanks for your analysis!
I have a few questions about your proposals.
GridRestProcessor.
AFAIK, when GridRestProcessor handle client request
(GridRestProcessor#handleRequest)
it process authentication (GridRestProcessor#authenticate)
and then authorization of request
Hi, Ivan.
Yes, I have.
https://issues.apache.org/jira/browse/IGNITE-11992
I'm waiting for a visa.
чт, 18 июл. 2019 г. в 11:09, Ivan Rakov :
> Hello Max,
>
> Thanks for your analysis!
>
> Have you created a JIRA issue for discovered defects?
>
> Best Regards,
> Ivan Rakov
>
> On 17.07.2019
Hello Max,
Thanks for your analysis!
Have you created a JIRA issue for discovered defects?
Best Regards,
Ivan Rakov
On 17.07.2019 17:08, Maksim Stepachev wrote:
Hello, Igniters.
The main idea of the new security is propagation security context to
other nodes and does action with
Stepachev Maksim created IGNITE-11992:
-
Summary: Improvements for new security approach
Key: IGNITE-11992
URL: https://issues.apache.org/jira/browse/IGNITE-11992
Project: Ignite
Issue
Hello, Igniters.
The main idea of the new security is propagation security context to
other nodes and does action with initial permission. The solution looks
fine but has imperfections.
1. ZookeaperDiscoveryImpl doesn't implement security into itself.
As a result: Caused by: class
12 matches
Mail list logo