[ https://issues.apache.org/jira/browse/BOOKKEEPER-959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15676071#comment-15676071 ]

Enrico Olivelli commented on BOOKKEEPER-959:
--------------------------------------------

I have updated the PR, this is the full list of changes:
- a breaking change to the Auth Plugin API (which used Protobuf shaded dependency and so it was not usable by developers of third party plugins)
- a breaking change to the protocol (this change affects only users of auth plugin of 4.4.0)
- introduction of BookKeeperPrincipal, which represents the user bound to the connection
- introduction of ClientSideConnectionPeer and BookieSideConnectionPeer, which are handles to the connection; these classes allow AuthPlugins (and in the future new kinds of plugins) to access principals bound to the connection and the remote address of the connected peer, and also allow plugins to drop the connection
- introduction of ClientConfiguration#CLIENT_ROLE configuration property
- the move of ClientConfiguration#CLIENT_AUTH_PROVIDER_FACTORY_CLASS to AbstractConfiguration because it is to be configured on Bookie side too (for usage by the Auditor)
- introduction of a way to perform a rolling upgrade from authentication disabled to authentication enabled

The CLIENT_ROLE property is used internally to make the Auditor let the Client Side Auth plugin know that the connection will be used by the 'system'; valid values are:
- standard (standard clients)
- system (the auditor and autorecovery)

It has been introduced to let the future SASL Kerberos Auth Plugin (BOOKKEEPER-391) use different configuration for these two kinds of use cases; it will be useful to any other plugin too.

The xxxxPeer classes enhance the previous way of telling the AuthPlugin about the origin of the connection (in 4.4.0 only the SocketAddress was given); during the discussion about SSL support (BOOKKEEPER-588) it seemed required to make the AuthPlugin:
- access other Principals bound to the connection (like SSL certificates, both from the server and the client side)
- a way to let the Plugin drop the connection in case of authorization expiration (like SSL client side expired certificate)


> ClientAuthProvider and BookieAuthProvider Public API used Protobuf Shaded classes
> ---------------------------------------------------------------------------------
>
>                 Key: BOOKKEEPER-959
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-959
>             Project: Bookkeeper
>          Issue Type: Bug
>          Components: bookkeeper-client, bookkeeper-server
>   Affects Versions: 4.4.0
>            Reporter: Enrico Olivelli
>            Assignee: Enrico Olivelli
>            Priority: Blocker
>             Fix For: 4.5.0
>
>
> With 4.4.0 we introduced the ability to implement custom authentication
> plugins.
> The new interfaces ClientAuthProvider and BookieAuthProvider depend on
> ExtensionRegistry, which is a shaded dependency.
> As a consequence it is not possible to implement any custom auth provider in
> code outside the project, because shaded/relocated dependencies cannot be
> used.
> We need to break the actual interface and introduce a new way to implement
> such plugins in a portable way



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)