Please wait. I'm watching your review. вт, 6 апр. 2021 г. в 20:14, Denis Garus <garus....@gmail.com>:
> Hello, Igniters! > > I've raised the PR [1] for the issue [2]. > Could somebody review it? > > Suggested implementation > > If Ignite Security (IS) is enabled, then executors, accessed through the > PoolProcessor, > are wrapped to a security-aware implementation. Security-aware > implementation sets proper > security context for tasks that the executor performs. > > The field subject id was deleted from communication requests for cache and > compute operations; > a remote node gets the subject id that initiates the ignite operation from > GridIoSecurityAwareMessage. > IgniteSecurity uses this id to set a proper security context during the > execution of the request. > > Remove GridTaskThreadContextKey#TC_SUBJ_ID, > GridCacheContext#subjectIdPerCall; > a consumer has to obtain a current security subject id through > IgniteSecurity > or the set of SecurityUtils methods. > > For all events that include the subject id field, are set the following > rule. > If IS is enabled, this field must contain a subject id that initiates > an ignite operation, otherwise null. > > Implement SecurityAwareCustomMessageWrapper for discovery requests that act > as > GridIoSecurityAwareMessage for communication requests. It allows setting > proper > context during the discovery message execution. > > Implement SecurityAwareGridRestCommandHandler to allow GridRestProcessor > to execute all client requests with the proper security context. > > 1. https://github.com/apache/ignite/pull/8038 > 2. https://issues.apache.org/jira/browse/IGNITE-13112 >
