geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anthony Baker (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GEODE-3000) Refactor Admin rest request to send credentials in Authentication header and use spring security to authenticate it.
Date Thu, 01 Jun 2017 17:00:10 GMT

    [ https://issues.apache.org/jira/browse/GEODE-3000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16033297#comment-16033297
] 

Anthony Baker commented on GEODE-3000:
--------------------------------------

Are you planning to support both the custom headers as well as the standard authentication
header?  If not, how will we deal with backwards-compatibility requirements?  Typically we
should support rolling upgrades of the server cluster followed by a more extended period of
time during which user's would upgrade their application clients.

> Refactor Admin rest request to send credentials in Authentication header and use spring
security to authenticate it.
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: GEODE-3000
>                 URL: https://issues.apache.org/jira/browse/GEODE-3000
>             Project: Geode
>          Issue Type: Improvement
>            Reporter: Jinmei Liao
>             Fix For: 1.2.0
>
>
> Currently, admin rest put security-password in the header and Jetty would log it in debug
level, we should send the authentication information in the authentication header so that
Jetty won't log them, and have the server side be able to authenticate that way.
> Currently the way these rest requests are sent are different for different request. We
need to uniform that first before we can do this refactoring.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message