aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giulio Eulisse <giulio.euli...@cern.ch>
Subject Re: Review Request 51893: Allow cookie based authentication
Date Fri, 07 Oct 2016 10:48:07 GMT


> On Oct. 6, 2016, 4:46 p.m., Stephan Erb wrote:
> > docs/operations/security.md, line 181
> > <https://reviews.apache.org/r/51893/diff/12/?file=1525261#file1525261line181>
> >
> >     Does this require modifications of the scheduler? How does it pick up the necessary
information in your implementation?

No modification to the scheduler is required. The frontend adds a few HTTP headers for autheticated
users which contain login and groups they belong to. The headers can eventually be used by
a Shiro plugin which extracts authentication information and applies authorization rules.
The frontend and the scheduler are on the same machine and only the frontend can talk to the
backend, hence we are guaranteed that the headers cannot be spoofed.


- Giulio


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51893/#review151674
-----------------------------------------------------------


On Oct. 6, 2016, 11:14 a.m., Giulio Eulisse wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51893/
> -----------------------------------------------------------
> 
> (Updated Oct. 6, 2016, 11:14 a.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Stephan Erb.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Allow cookie based authentication
> 
> This allows aurora client to connect to servers which are behind a frontend which expects
some sort of cookie to autheticate and authorize users. The cookie should be stored in MozillanCookieJar
format in a file named `~/.aurora-token`.
> 
> 
> Diffs
> -----
> 
>   RELEASE-NOTES.md 1819eaa20cf5014228643a1e120316d646cc2824 
>   docs/operations/security.md 46e0b8a9db654f52467f9adf36307a6a97a7a3ec 
>   src/main/python/apache/aurora/admin/aurora_admin.py fbebbab8c827b5695042d18770d850e31fc38122

>   src/main/python/apache/aurora/client/cli/client.py fa0c2648c5ff7ea6c9d949cf8cd9b9795d452e98

>   src/main/python/apache/aurora/common/cookie_auth_module.py PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/51893/diff/
> 
> 
> Testing
> -------
> 
> $ cat ~/aurora/clusters.json
> [
> {
>   "name": "build",
>   "scheduler_uri": "https://aliaurora.cern.ch",
>   "auth_mechanism": "COOKIE"
> }
> ]
> $ dist/aurora.pex quota get build/root
> 
> 
> Thanks,
> 
> Giulio Eulisse
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message