Query on implementing GridSecurityProcessor

classic Classic list List threaded Threaded
4 messages Options
vbm vbm
Reply | Threaded
Open this post in threaded view
|

Query on implementing GridSecurityProcessor

Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41 

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."


In the GridSecurityProcessor interface the AuthenticationContext,  is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}


Regards,
Vishwas



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
vbm vbm
Reply | Threaded
Open this post in threaded view
|

Re: Query on implementing GridSecurityProcessor

The uuid is set randomly and as we are not allowed to update the node attributes, I am not sure how this can be implemented using node attributes. 

Any idea on how this can be achieved ?



On Sun, 22 Nov, 2020, 19:22 vbm, <[hidden email]> wrote:
Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."


In the GridSecurityProcessor interface the AuthenticationContext,  is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}


Regards,
Vishwas



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
aealexsandrov aealexsandrov
Reply | Threaded
Open this post in threaded view
|

Re: Query on implementing GridSecurityProcessor

Hello,

I think you should post your question on the Ignite Developer List:

http://apache-ignite-developers.2346864.n4.nabble.com/

IEP41 was developed by Denis Garus and discussed in the following thread:

http://apache-ignite-developers.2346864.n4.nabble.com/Security-Subject-of-thin-client-on-remote-nodes-td46029.html

You can try asking him in this thread.

BR,
Andrew

24.11.2020 21:06, Vishwas Bm пишет:
The uuid is set randomly and as we are not allowed to update the node attributes, I am not sure how this can be implemented using node attributes. 

Any idea on how this can be achieved ?



On Sun, 22 Nov, 2020, 19:22 vbm, <[hidden email]> wrote:
Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."


In the GridSecurityProcessor interface the AuthenticationContext,  is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}


Regards,
Vishwas



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
vbm vbm
Reply | Threaded
Open this post in threaded view
|

Re: Query on implementing GridSecurityProcessor

Yes. I have posted the question on developer  list. 


On Fri, 27 Nov, 2020, 16:28 andrei, <[hidden email]> wrote:

Hello,

I think you should post your question on the Ignite Developer List:

http://apache-ignite-developers.2346864.n4.nabble.com/

IEP41 was developed by Denis Garus and discussed in the following thread:

http://apache-ignite-developers.2346864.n4.nabble.com/Security-Subject-of-thin-client-on-remote-nodes-td46029.html

You can try asking him in this thread.

BR,
Andrew

24.11.2020 21:06, Vishwas Bm пишет:
The uuid is set randomly and as we are not allowed to update the node attributes, I am not sure how this can be implemented using node attributes. 

Any idea on how this can be achieved ?



On Sun, 22 Nov, 2020, 19:22 vbm, <[hidden email]> wrote:
Hi,

We have implemented the security plugin by implementing
GridSecurityProcessor .

We are using sqlline for querying the cache and are hitting the below issue
(i.e remote node not able to get the security context)

https://cwiki.apache.org/confluence/display/IGNITE/IEP-41

I am not able to get how to implement the below part from IEP-41
"The subject id for the node can be stored in its
IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID attribute."


In the GridSecurityProcessor interface the AuthenticationContext,  is only
available in authenticate function.
@Override public SecurityContext authenticate(AuthenticationContext ctx)

If I make IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_ID as a userAttribute
will I be able to update the attribute ?
Will this attribute be visible when eventually below function gets called ?

public SecurityContext securityContext(UUID subjId){

}


Regards,
Vishwas



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/