Details
-
Bug
-
Status: Patch Available
-
Minor
-
Resolution: Unresolved
-
2.7
-
None
-
None
Description
Preposition:
Custom GridSecurityProcessor implementation allows optional authentication. With other words, if some credentials are presents then authentication performed, otherwise - not (some restricted SecurityContext returned).
REST API works fine. If credentials are present or the auth request was made then the auth works as desired, if not - it also works but only for some authorized requests.
The problem:
CommandHandler which is used for controlling a cluster through the CLI script command.sh|bat doesn't respect credential parameters and sends auth request only in case of authentication exception for a regular request. In the described case of optional authentication it never happens, so the result always depends on the "default" Permissions.
Possible solution:
Change GridClientNioTcpConnection to always send first an auth request in case of provided credentials.
Attachments
Issue Links
- links to
