nishantmonu51 opened a new issue #8217: Trusted Domain/IP address based authenticator for Druid URL: https://github.com/apache/incubator-druid/issues/8217 ### Description Implement a `TrustedDomainAuthenticator` which allows traffic from pre-configured domain, Ip address to pass. Configurable properties for the authenticator - * `druid.authenticator.<authenticator_name>.domain` : trusted domain name or IP address, Authentication will be skipped for any connection coming from a host whose hostname ends with this domain name. If authentication is expected to be skipped for connections from only a given host, fully qualified hostname of that host needs to be specified. * `druid.authenticator.<authenticator_name>.useForwardedHeaders` : When trusted domain authentication is enabled, the clients connecting to druid could pass through many layers of proxy. Some proxies also append its own ip address to 'X-Forwarded-For' header before passing on the request to another proxy. Some proxies also connect on behalf of client. if this config is set to true and if 'X-Forwarded-For' is present, trusted domain authenticator will use left most ip address from X-Forwarded-For header. * `druid.authenticator.<authenticator_name>.identity` - The identity of the requester. ### Motivation Use case is to be able to allow traffic from trusted hosts within the VPC/firewall in the druid cluster without additional authentication overheads.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
