[ https://issues.apache.org/jira/browse/IGNITE-12759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17068713#comment-17068713 ]
Denis Garus commented on IGNITE-12759:
--------------------------------------
[~ivan.glukos], thank you very much for the review and proposals.
I like your responsibility lists, and I included them in the JavaDoc with minor
changes:
_added: Keeping and propagating authenticated security subject for thin clients;_
_changed: Keeping and propagating authenticated security contexts for_ *_nodes and_* _thin clients._
So we get:
{code:java}
/**
 * Gets authenticated node subject.
 *
 * @param subjId Subject ID.
 * @return Security subject.
 */
public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException;
{code}
This method was not changed and should return the *node* subject.
{code:java}
/**
 * Gets security context for authenticated nodes and thin clients.
 *
 * @param subjId Security subject id.
 * @return Security context or null if not found.
 */
public default SecurityContext securityContext(UUID subjId);
{code}
This method returns the context for nodes and thin clients.
>> #withContext(ctx / subjId) forces current thread to perform operations in
>> secure mode;
This method, as reflected in the JavaDoc, creates an OperationSecurityContext. All
calls of the methods authorize(String, SecurityPermission) or
authorize(SecurityPermission) will be processed in the context of the
SecurityContext that is associated with the security subject with the given subjId
until the holder OperationSecurityContext is closed.
>>Difference between security subject and security context
I don't know. I think we should delete the security context in version 3.0.
>> the common pattern here is to embed custom GridSecurityProcessor via Ignite
>> plugin and keep default IgniteSecurityProcessor
We have TestSecurityProcessor.
But for version 3.0 we could create a default security plugin implementation
that will be good for starting to work with Ignite's security.
> Getting a SecurityContext from GridSecurityProcessor
> ----------------------------------------------------
>
> Key: IGNITE-12759
> URL: https://issues.apache.org/jira/browse/IGNITE-12759
> Project: Ignite
> Issue Type: Improvement
> Components: security
> Reporter: Denis Garus
> Assignee: Denis Garus
> Priority: Major
> Labels: iep-41
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Extend the _GridSecurityProcessor_ interface by adding _securityContext(UUID
> subjId)_ method and use this method to get the actual security context.
> h4. Backward compatibility
> The logic of getting security context for Ignite:
> # Try to get a security context using _ClusterNode_ attributes (as it works
> now);
> # Get a security context through _GridSecurityProcessor_.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
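
The two-step lookup from the issue description and the scoped-context behaviour described in the comment, as an added Java sketch that is not Ignite's code. `Processor`, `Holder`, `resolve`, `withContext`, `authorize` and the sample subjects are simplified stand-ins, and failing closed when no context is found is an assumption.

```java
import java.util.*;

/** Added sketch, NOT Ignite code: every type here is a simplified stand-in. */
public class SecurityContextLookup {
    record SecurityContext(UUID subjId, Set<String> perms) {}

    /** Stand-in for GridSecurityProcessor#securityContext(UUID): null if not found. */
    interface Processor { SecurityContext securityContext(UUID subjId); }

    interface Holder extends AutoCloseable { @Override void close(); }

    /** Context the current thread operates under. */
    static final ThreadLocal<SecurityContext> CUR = new ThreadLocal<>();

    /** Step 1: ClusterNode attributes (as before). Step 2: the security processor. */
    static SecurityContext resolve(UUID id, Map<UUID, SecurityContext> nodeAttrs, Processor proc) {
        SecurityContext ctx = nodeAttrs.get(id);
        if (ctx == null)
            ctx = proc.securityContext(id);
        if (ctx == null) // assumption: fail closed instead of running without a context
            throw new IllegalStateException("No security context for subject " + id);
        return ctx;
    }

    /** Switches the thread to ctx until the returned holder is closed. */
    static Holder withContext(SecurityContext ctx) {
        SecurityContext prev = CUR.get();
        CUR.set(ctx);
        return () -> CUR.set(prev);
    }

    static void authorize(String perm) {
        SecurityContext ctx = CUR.get();
        if (ctx == null || !ctx.perms().contains(perm))
            throw new SecurityException("Denied: " + perm);
    }

    public static void main(String[] args) {
        UUID node = UUID.randomUUID(), thin = UUID.randomUUID(); // constructed sample subjects
        Map<UUID, SecurityContext> nodeAttrs =
            Map.of(node, new SecurityContext(node, Set.of("CACHE_READ", "CACHE_PUT")));
        Map<UUID, SecurityContext> thinClients =
            Map.of(thin, new SecurityContext(thin, Set.of("CACHE_READ")));
        try (Holder h = withContext(resolve(thin, nodeAttrs, thinClients::get))) {
            authorize("CACHE_READ"); // checked against the thin client's context
            try { authorize("CACHE_PUT"); }
            catch (SecurityException e) { System.out.println(e.getMessage()); }
        }
        System.out.println("after close: " + CUR.get()); // previous context is back in place
    }
}
```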