Apache Ignite Users

Query on implementing GridSecurityProcessor

Classic

List

Threaded

4 messages Options

vbm

Query on implementing GridSecurityProcessor

Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."

In the GridSecurityProcessor interface the AuthenticationContext, is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}

Regards,
Vishwas

--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

vbm

Re: Query on implementing GridSecurityProcessor

The uuid is set randomly and as we are not allowed to update the node attributes, I am not sure how this can be implemented using node attributes.

Any idea on how this can be achieved ?

On Sun, 22 Nov, 2020, 19:22 vbm, <[hidden email]> wrote:

Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."

In the GridSecurityProcessor interface the AuthenticationContext, is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}

Regards,
Vishwas

--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

aealexsandrov

Re: Query on implementing GridSecurityProcessor

Hello,

I think you should post your question on the Ignite Developer List:

http://apache-ignite-developers.2346864.n4.nabble.com/

IEP41 was developed by Denis Garus and discussed in the following thread:

http://apache-ignite-developers.2346864.n4.nabble.com/Security-Subject-of-thin-client-on-remote-nodes-td46029.html

You can try asking him in this thread.

BR,
Andrew

24.11.2020 21:06, Vishwas Bm пишет:

The uuid is set randomly and as we are not allowed to update the node attributes, I am not sure how this can be implemented using node attributes.

Any idea on how this can be achieved ?

On Sun, 22 Nov, 2020, 19:22 vbm, <[hidden email]> wrote:

Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."

In the GridSecurityProcessor interface the AuthenticationContext, is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}

Regards,
Vishwas

--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

vbm

Re: Query on implementing GridSecurityProcessor

Yes. I have posted the question on developer list.

On Fri, 27 Nov, 2020, 16:28 andrei, <[hidden email]> wrote:

Hello,

I think you should post your question on the Ignite Developer List:

http://apache-ignite-developers.2346864.n4.nabble.com/

IEP41 was developed by Denis Garus and discussed in the following thread:

http://apache-ignite-developers.2346864.n4.nabble.com/Security-Subject-of-thin-client-on-remote-nodes-td46029.html

You can try asking him in this thread.

BR,
Andrew

24.11.2020 21:06, Vishwas Bm пишет:

The uuid is set randomly and as we are not allowed to update the node attributes, I am not sure how this can be implemented using node attributes.

Any idea on how this can be achieved ?

On Sun, 22 Nov, 2020, 19:22 vbm, <[hidden email]> wrote:

Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."

In the GridSecurityProcessor interface the AuthenticationContext, is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}

Regards,
Vishwas

--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/