accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1028) Distinguish the user principal from the authentication token
Date Sun, 03 Feb 2013 21:18:12 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13569896#comment-13569896
] 

Christopher Tubbs commented on ACCUMULO-1028:
---------------------------------------------

Another reason to pass the token as an object instead of a byte array is because we can then
get the type (from the class name) to serialize in the thrift object, rather than rely on
the external serialization to embed the type in a consistent way. We need this, because if
we're going to do ACCUMULO-1027, we need to ensure the token is of the type the configured
authentication mechanism supports, before we pass it along to it (unless we want to just fail
with a generic "INVALID_TOKEN" message instead of the more descriptive "Authentication Token
type is supported by the configured authentication plugin").
                
> Distinguish the user principal from the authentication token
> ------------------------------------------------------------
>
>                 Key: ACCUMULO-1028
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1028
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: master, tserver
>            Reporter: Christopher Tubbs
>            Assignee: John Vines
>             Fix For: 1.5.0
>
>
> The user principal is something that uniquely identifies a user. An authentication token
is the item that authenticates the user principal, may be temporal, and may vary. It is not
clear from the implementation of ACCUMULO-259 that these are separate things, and I think
it would benefit the API to distinguish them.
> It could also simplify the API, for users transitioning from the old authentication stuff
to the new authentication stuff, because there would be a one-to-one mapping with the username/password
with which they are familiar:
> {code:java}
> public Connector getConnector(String username, byte[] password);
> {code}
> becomes
> {code:java}
> public <T extends AuthToken> Connector getConnector(Principal userPrincipal, T
authToken);
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message