geode-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GEODE-3447) Implement client authorization for the new protocol
Date Fri, 18 Aug 2017 20:59:01 GMT

    [ https://issues.apache.org/jira/browse/GEODE-3447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133618#comment-16133618 ]

ASF GitHub Bot commented on GEODE-3447:
---------------------------------------

Github user kohlmu-pivotal commented on a diff in the pull request:

    https://github.com/apache/geode/pull/719#discussion_r134050811
  
    --- Diff: geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthenticator.java
---
    @@ -40,20 +42,28 @@ public void receiveMessage(InputStream inputStream, OutputStream outputStream,
         properties.setProperty("username", authenticationRequest.getUsername());
         properties.setProperty("password", authenticationRequest.getPassword());
     
    +    authorizer = null; // authenticating a new user clears current authorizer
         try {
           Object principal = securityManager.authenticate(properties);
    -      authenticated = principal != null;
    +      if (principal != null) {
    +        authorizer = new ProtobufSimpleAuthorizer(principal, securityManager);
    +      }
         } catch (AuthenticationFailedException e) {
    -      authenticated = false;
    +      authorizer = null;
         }
     
    -    AuthenticationAPI.SimpleAuthenticationResponse.newBuilder().setAuthenticated(authenticated)
    +    AuthenticationAPI.SimpleAuthenticationResponse.newBuilder().setAuthenticated(isAuthenticated())
             .build().writeDelimitedTo(outputStream);
       }
     
       @Override
       public boolean isAuthenticated() {
    -    return authenticated;
    +    return authorizer != null;
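
Review bot: in `isAuthenticated()`, `return authorizer != null;` infers the authentication result from whether an authorizer object happens to exist, so any later code path that assigns or clears `authorizer` silently changes what this method reports. Keep an explicit `authenticated` flag set from `principal != null`, and construct the `ProtobufSimpleAuthorizer` only after that flag is true, so that authorization depends on authentication rather than the reverse. The `authorizer = null;` in the `catch` block is also redundant, since the field is already cleared before the `try`; clearing it up front is the right fail-closed choice if `authenticate` throws something other than `AuthenticationFailedException`.
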
    --- End diff --
    
    I must disagree with this logic. Something is NOT `authenticated` just because there is an authorizer populated. An authorizer should be constructed BECAUSE something was `authenticated`.


> Implement client authorization for the new protocol
> ---------------------------------------------------
>
>                 Key: GEODE-3447
>                 URL: https://issues.apache.org/jira/browse/GEODE-3447
>             Project: Geode
>          Issue Type: New Feature
>          Components: client/server
>            Reporter: Brian Baynes
>            Assignee: Bruce Schuchardt
>
> As a user of the new client/server protocol, I need to make sure the clients using the protocol to access my grid are authorized to perform each operation they attempt.
> Implement client authorization for operations in new protocol based on existing authorization configuration.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
