Yes, I said about it at 07.19. http://apache-ignite-developers.2346864.n4.nabble.com/Improvements-for-new-security-approach-td42698.html#a42708 And in my solution, I just transmitted security subjects for rest requests.
If you remove ATTR_SECURITY_SUBJECT_V2, it breaks compatibility between old versions and new. чт, 20 февр. 2020 г. в 15:56, Denis Garus <garus....@gmail.com>: > Hi, Igniters! > > > At present, a security subject id is assumed to be node id. > > But when we are dealing with thin client, JDBC or REST subject id is random > UUID. In this case, we cannot get the subject information on a remote node, > and we get problems like these [1], [2]. > > To fix the problem, we should spread the client session to the whole > cluster. > > > I want to suggest a solution to the problem. > > > First, we should get subject information using GridSecurityProcessor. > > How GridSecurityProcessor will retrieve a subject data, it is up to plugin > developers. > > > Second, we should get rid of the assumption that a subject id is a node id > and remove the ATTR_SECURITY_SUBJECT_V2 attribute. > > > I have prepared PoC PR [3] that: > > - places the existing logic of spreading security context to > GridSecurityProcessor; > > - uses GridSecurityProcessor to get SecurityContext. > > > > 1. > > http://apache-ignite-developers.2346864.n4.nabble.com/JDBC-thin-client-incorrect-security-context-td45929.html > 2. https://issues.apache.org/jira/browse/IGNITE-12589 > 3. https://github.com/apache/ignite/pull/7375 >
