aurora-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Sweeney (JIRA)" <>
Subject [jira] [Commented] (AURORA-351) Consider using Apache Shiro for scheduler Authentication and Authorization
Date Tue, 26 Aug 2014 19:07:57 GMT


Kevin Sweeney commented on AURORA-351:

I looked at integrating this yesterday and I like a lot of the features it has, specifically
its permissions model and automatic mapping to REST endpoints. I can send a proposal to dev@
later but here are some notes:

- Guice integration, either via AOP and @RequiresPermission/@RequiresRole annotations or a
set of servlet filters and a straightforward ini configuration.
- A simple permission syntax. Permissions for REST resources can be auto-generated via the
REST resource name. For example {{GET /maintenance}} would require {{maintenance:read}} and
{{POST /maintenance}} would require {{maintenance:create}}.
- Built in filters for POST formdata authentication and HTTP basic auth
- Built in support for flat-file and LDAP realms (using JNDI)
- Possible to support "complex" workflows, such as authenticate via SPNEGO, then authorization
via information in LDAP.

Potential roadblocks:
- ShiroWebModule needs a handle to the ServletContext in its constructor - this is currently
hidden from us in Twitter's HttpServerDispatch module.
- Shiro provides 2 HTTP authentication filters out of the box - form auth and basic auth.
We'd need to write some glue for SPNEGO authentication if we want to use that.
- We probably won't need Shiro's Remember Me or Session management features.

> Consider using Apache Shiro for scheduler Authentication and Authorization
> --------------------------------------------------------------------------
>                 Key: AURORA-351
>                 URL:
>             Project: Aurora
>          Issue Type: Story
>          Components: Scheduler, Security
>            Reporter: Kevin Sweeney
>            Assignee: Kevin Sweeney

This message was sent by Atlassian JIRA

View raw message