phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (PHOENIX-4168) Pluggable Remote User Extraction for Phoenix Query Server
Date Wed, 06 Sep 2017 19:29:00 GMT


Josh Elser commented on PHOENIX-4168:

Thanks for the ping, James!

[~alexaraujo], letting these RemoteUserExtractors be pluggable was definitely a design goal
(and custom implementations would be awesome!). If you have the motivation to build some implementations
for x509 (or other things), I'd love to help shepherd those into Avatica as well for others
to re-use.

That said, this seems like a nice, straightforward change to PQS that hooks into Phoenix's
existing InstanceResolver class with a test class! +1 pending QA

One minor nit:

+    Assert.assertTrue(extractor instanceof QueryServer.PhoenixRemoteUserExtractor);

It would be nice to include an error message on this call that informs us what kind of object
{{extractor}} actually was.

Looking forward to seeing what else you have in mind to build on top of this :)

> Pluggable Remote User Extraction for Phoenix Query Server
> ---------------------------------------------------------
>                 Key: PHOENIX-4168
>                 URL:
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Alex Araujo
>            Assignee: Alex Araujo
>            Priority: Minor
>         Attachments: PHOENIX-4168.v1.patch
> PQS supports impersonation by pulling a user's identity from an HTTP parameter. Make
this pluggable to allow other forms of extraction (for example, pulling the identity out of
an X509Certificate).

This message was sent by Atlassian JIRA

View raw message