Hello, Igniters! I've raised the PR [1] for the issue [2]. Could somebody review it?
Suggested implementation If Ignite Security (IS) is enabled, then executors, accessed through the PoolProcessor, are wrapped to a security-aware implementation. Security-aware implementation sets proper security context for tasks that the executor performs. The field subject id was deleted from communication requests for cache and compute operations; a remote node gets the subject id that initiates the ignite operation from GridIoSecurityAwareMessage. IgniteSecurity uses this id to set a proper security context during the execution of the request. Remove GridTaskThreadContextKey#TC_SUBJ_ID, GridCacheContext#subjectIdPerCall; a consumer has to obtain a current security subject id through IgniteSecurity or the set of SecurityUtils methods. For all events that include the subject id field, are set the following rule. If IS is enabled, this field must contain a subject id that initiates an ignite operation, otherwise null. Implement SecurityAwareCustomMessageWrapper for discovery requests that act as GridIoSecurityAwareMessage for communication requests. It allows setting proper context during the discovery message execution. Implement SecurityAwareGridRestCommandHandler to allow GridRestProcessor to execute all client requests with the proper security context. 1. https://github.com/apache/ignite/pull/8038 2. https://issues.apache.org/jira/browse/IGNITE-13112
