Review Request 63237: KYLIN-2960 We should submit a new feature that it support the authentication for user and role and the authentication for user and group when the LDAP authentication was enabled.

Tue, 24 Oct 2017 00:39:06 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63237/
-----------------------------------------------------------

Review request for kylin, Dayue Gao, Dong Li, hongbin ma, and Wang Xiaoyu.


Bugs: KYLIN-2960
    https://issues.apache.org/jira/browse/KYLIN-2960


Repository: kylin


Description
-------

Currently, the user authentication interface that was provided by kylin to the 
third party only supports user and role authentication. However only user and 
group have authentication function when we use the LDAP authentication. In fact 
the authentication for user and role and the authentication for user and group 
have the same functional characteristics between different appplication system. 
So we should submit a new feature that it support the authentication for user 
and role and the authentication for user and group when the LDAP authentication 
was enabled.
We supplied the checkPermission interface to implement the new feature. In the 
interface we set user groups information to the userRoles parameter when the 
LDAP was enabled, on the contrary we set user roles information to the 
userRoles parameter. The interface is as following:
/**
Checks if a user has permission on an entity.
@param user
@param userRoles
@param entityType String constants defined in AclEntityType
@param entityUuid
@param permission
@return true if has permission
*/
abstract public boolean checkPermission(String user, List<String> userRoles, //
String entityType, String entityUuid, Permission permission);


Diffs
-----

  
server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
 b3c9458 
  
server-base/src/main/java/org/apache/kylin/rest/security/ExternalAclProviderTest.java
 PRE-CREATION 
  
server-base/src/main/java/org/apache/kylin/rest/security/KylinAclPermissionEvaluator.java
 b677537 
  
server-base/src/main/java/org/apache/kylin/rest/security/KylinLdapTemplate.java 
PRE-CREATION 
  server-base/src/main/java/org/apache/kylin/rest/security/RoleService.java 
PRE-CREATION 
  server-base/src/main/java/org/apache/kylin/rest/service/KylinRoleService.java 
PRE-CREATION 
  server-base/src/main/java/org/apache/kylin/rest/service/LdapRoleService.java 
PRE-CREATION 
  server/src/main/resources/kylinSecurity.xml ca49255 


Diff: https://reviews.apache.org/r/63237/diff/1/


Testing
-------


Thanks,

pengjianhua

Reply via email to