accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Allen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-1929) Current auth/auth/perm API doesn't well support multiple authentication domains
Date Mon, 25 Nov 2013 19:12:35 GMT
Michael Allen created ACCUMULO-1929:
---------------------------------------

             Summary: Current auth/auth/perm API doesn't well support multiple authentication
domains
                 Key: ACCUMULO-1929
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1929
             Project: Accumulo
          Issue Type: Bug
            Reporter: Michael Allen


The current {{Authenticator}} / {{Authorizor}} / {{PermissionHandler}} API doesn't provide
a good method to support multiple authentication domains.  

While the {{Authenticator}} object accepts abstract {{AuthenticationToken}} objects which
can be used to point a request towards a particular domain (by including domain-specific knowledge
in the token subclass), the {{Authorizor}} and {{PermissionHandler}} objects share no such
abstract class.  A call like {{Authorizor.getCachedUserAuthorization(String user)}} can't
tell if the user in question is the user for domain 1, 2, 3, and so on, without having the
rest of the system play some crazy tricks to encode that string in some unnatural way.

One simple-ish solution is pass the {{AuthenticationToken}} object on to more than one call
in the  {{Authenticator}} / {{Authorizor}} / {{PermissionHandler}} system.  That way, its
domain knowledge can travel through to the other parts and be used to route requests accordingly.
 



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message