aurora-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bhuvan Arumugam <>
Subject Authentication for aurora scheduler webui
Date Wed, 13 Aug 2014 20:35:21 GMT

This is similar to this thread [1], but for aurora scheduler. We are
implementing cookie based authentication for aurora scheduler (port:
8080). It is a single sign-on implementation. The unauthenticated
users will be redirected to a login service. After user is
successfully authenticated in the login service, a cookie will be
added in this domain. The cookie is validated against the login
service, before the page is rendered.

I wish to get input on the design we are planning to implement, for
aurora scheduler. Ideally, we want to grant access to aurora scheduler
only for authenticated users.

The requests are processed using jetty server and servlet container.
Precisely, they are processed using
org.apache.aurora.scheduler.http.JettyServerModule. The http handle
for every request are accessible from here. Most of requests, if not
all, are served by filter based handlers,
org.apache.aurora.scheduler.http.CorsFilter is one among many. The
doFilter() method is overridden in these filters.

To implement authentication, we'll fix the filters to deal with login
rediect, r/w cookie & validate the session. The filter would check for
the cookie. If auth cookie is not present, user will be redirected to
the auth service. If auth cookie is present, it'll be validated and
http filter will be processed.

The authentication hooks could be added in following filters:

  1. org.apache.aurora.scheduler.http.CorsFilter
  2. org.apache.aurora.scheduler.http.LeaderRedirectFilter
  3. org.apache.aurora.scheduler.http.AbstractFilter

Is there a better approach to implement authentication in aurora scheduler?


Thank you,
Bhuvan Arumugam

View raw message