kylin-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "peng.jianhua (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KYLIN-2960) We should submit a new feature that it support the authentication for user and role and the authentication for user and group when the LDAP authentication was enabled.
Date Mon, 06 Nov 2017 11:09:00 GMT

    [ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16240146#comment-16240146
] 

peng.jianhua commented on KYLIN-2960:
-------------------------------------

Hi [~Aron.tao], thanks for your suggestion, I have rewritten the codes according to your advice,
it indeed becomes very simplified, and I modified three points, as follows.
1. Add a new class named LDAPAuthoritiesPopulator, which can return not only roles but also
groups of current user.
2. Replace the class AuthoritiesPopulator to LDAPAuthoritiesPopulator.
3. Add  "deprecated" annotation for the class AuthoritiesPopulator.
I have summit the codes, please check it, thank you very much.

> We should submit a new feature that it support the authentication for user and role and
the authentication for user and group when the LDAP authentication was enabled.
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KYLIN-2960
>                 URL: https://issues.apache.org/jira/browse/KYLIN-2960
>             Project: Kylin
>          Issue Type: New Feature
>          Components: General
>            Reporter: peng.jianhua
>            Assignee: peng.jianhua
>              Labels: patch
>         Attachments: 0001-KYLIN-2960-Submit-a-new-feature-that-it-supports-the.patch
>
>
> Currently, the user authentication interface that was provided by kylin to the third
party only supports user and role authentication. However only user and group have authentication
function when we use the LDAP authentication. In fact the authentication for user and role
and the authentication for user and group have the same functional characteristics between
different appplication system. So we should submit a new feature that it support the authentication
for user and role and the authentication for user and group when the LDAP authentication was
enabled.
> We supplied the checkPermission interface to implement the new feature. In the interface
we set user groups information to the userRoles parameter when the LDAP was enabled, on the
contrary we set user roles information to the userRoles parameter. The interface is as following:
> /**
>  * Checks if a user has permission on an entity.
>  * 
>  * @param user
>  * @param userRoles
>  * @param entityType String constants defined in AclEntityType 
>  * @param entityUuid
>  * @param permission
>  * 
>  * @return true if has permission
>  */
> abstract public boolean checkPermission(String user, List<String> userRoles, //
> 		String entityType, String entityUuid, Permission permission);



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message