Hi, I am also trying to develop a security plugin for Ignite. Security context in case of visor call is null and even the SecurityContextHolder wont work. Because,
1. *SecurityContextHolder* has a ThreadLocal variable holding the *SecurityContext*. So if your calls of authenticate and authorize happen in same thread like the *REST* call, it will work. Try printing Thread.currentThread().getName() in your calls. You will understand what I am saying. 2. When you connect visor to the grid, *authenticateNode* method is called. And after that any call you make calls *authorize* method only , that too if plugin was configured on visor. So *SecurityContextHolder.set()* happens in the *authenticateNode* which is called in *tcp-dicovery-worker* thread. And *SecurityContextHolder.get()* happens in *authorize* method which is called in a separate thread depending on the visor call. So here *SecurityContextHolder* will not work. For cases of visor or any server node, thick client joining the cluster, *SecurityContext* is passed null. To overcome this, you need to store local nodes security context in a field in your plugin say *localSecurityContext* representing security context of local node. You can try something like this : /public class MySecurityProcessor extends GridProcessorAdapter implements DiscoverySpiNodeAuthenticator, GridSecurityProcessor, IgnitePlugin { *private MySecurityContext localSecurityContext;* ................ public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException { ........................ //write your logic to authenticate node and return Security Context //Check if node is local, and store the security context in your local variable before returning * if(node.isLocal()) localSecurityContext= .......* } public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException { SecuritySubject secureSecuritySubject = new SecuritySubject( authenticationContext.subjectId(), authenticationContext.subjectType(), authenticationContext.credentials().getLogin(), authenticationContext.address() ); SecurityContext securityContext = new MySecurityContext(secureSecuritySubject, accessToken); SecurityContextHolder.set(securityContext); return securityContext; } public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException { System.out.println( SecurityContextHolder.get()); System.out.println( securityCtx ); //If context is null use localSecurityContext *if(securityCtx==null) securityCtx=localSecurityContext;* //do some authorization ..................... } ...... }/ Note that this will work if *isGlobalNodeAuthentication* is true. Because only then *authenticateNode* method is called on each joining node (instead of coordinator) and you can save the context in local variable. Also the joining node must also have the plugin configured for this to work. -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/