aurora-reviews mailing list archives

From "Bill Farner" <wfar...@apache.org>
Subject Re: Review Request 33659: Add support for shorthand names of security realm modules.
Date Wed, 29 Apr 2015 21:14:10 GMT


> On April 29, 2015, 7:35 p.m., Kevin Sweeney wrote:
> > docs/security.md, line 57
> > <https://reviews.apache.org/r/33659/diff/1/?file=944687#file944687line57>
> >
> >     The only weird thing is that IniRealm handles both AUTHN and AUTHZ. So there's a potential misconfiguration:
> >     
> >     ```
> >     -shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHZ
> >     -http_authentication_mechanism=BASIC
> >     ```
> >     
> >     This will cause IniRealm to get passed UsernamePasswordCredentials from Basic auth (and thus perform authentication), with Kerberos completely dark. How would you feel about naming this INI_AUTHNZ with a TODO to create INI_AUTHN and INI_AUTHZ realms that will only participate in one stage?

I was dutifully implementing what was in the ticket.  Can you update the ticket to this if
it is what you would prefer?


- Bill


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33659/#review82002
-----------------------------------------------------------


On April 29, 2015, 4:45 a.m., Bill Farner wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33659/
> -----------------------------------------------------------
> 
> (Updated April 29, 2015, 4:45 a.m.)
> 
> 
> Review request for Aurora and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1290
>     https://issues.apache.org/jira/browse/AURORA-1290
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> I initially went down the path of a custom `Parser` that extended `ModuleParser`, but it turns out that doesn't work.  Parsers are identified by type, and a specific parser on the `@CmdLine` arg would have to reimplement the guts of `SetParser`.  As a result, I decided it was more sane to bake the shorthand list in our canonical parser of modules.
> 
> 
> Diffs
> -----
> 
>   docs/security.md db2e92495661800ef513334568810f16fcf513e1 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf ef502b7dcc48c716f71ab5ce920084917564f6ff 
>   src/main/java/org/apache/aurora/scheduler/http/api/security/ModuleParser.java c96821683b4569977d6d2b8ed657b0625bdd1903 
> 
> Diff: https://reviews.apache.org/r/33659/diff/
> 
> 
> Testing
> -------
> 
> End-to-end tests pass.
> 
> 
> Thanks,
> 
> Bill Farner
> 
>
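
The misconfiguration raised in the review comment can be caught before the scheduler starts by linting the flag pair. The sketch below is an added example, not part of the thread and not Aurora code; the `MECHANISM_TOKEN` and `REALMS` tables, the `lint` helper, and the NEGOTIATE-to-Kerberos pairing are assumptions that model only what the comment describes.

```python
# Added illustration: a startup-flag lint for the realm/mechanism mismatch
# discussed in this review. The tables below are assumptions, not Aurora code.

# Token type each HTTP mechanism hands to the realms (BASIC is from the thread;
# the NEGOTIATE row is an assumption).
MECHANISM_TOKEN = {"BASIC": "username_password", "NEGOTIATE": "kerberos"}

# What each shorthand realm really does, whatever its name suggests.
# INI_AUTHZ is backed by IniRealm, which the thread notes does both stages.
REALMS = {
    "KERBEROS5_AUTHN": {"authn_tokens": {"kerberos"}, "authz": False},
    "INI_AUTHZ": {"authn_tokens": {"username_password"}, "authz": True},
}


def parse_flags(argv):
    """Turn ['-name=value', ...] into a dict; unknown flags are kept as-is."""
    flags = {}
    for arg in argv:
        name, _, value = arg.lstrip("-").partition("=")
        flags[name] = value
    return flags


def lint(argv):
    """Return findings for realms whose real role differs from their name."""
    flags = parse_flags(argv)
    mechanism = flags.get("http_authentication_mechanism", "")
    token = MECHANISM_TOKEN.get(mechanism)
    names = [n for n in flags.get("shiro_realm_modules", "").split(",") if n]
    findings = []
    for name in names:
        realm = REALMS.get(name)
        if realm is None:
            findings.append(f"{name}: unknown realm shorthand")
            continue
        accepts = token in realm["authn_tokens"]
        if name.endswith("_AUTHZ") and accepts:
            findings.append(f"{name}: will authenticate {mechanism} credentials")
        if name.endswith("_AUTHN") and not accepts:
            findings.append(f"{name}: never consulted under {mechanism}")
    return findings


# Constructed sample: the flag pair quoted in the review comment.
SAMPLE = ["-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHZ",
          "-http_authentication_mechanism=BASIC"]
```
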

