Github user spmallette commented on the issue:
https://github.com/apache/tinkerpop/pull/583
Hi and thanks for contributing. In general, I like the concept of this pull
request, but I have some thoughts to share to get us both on the same page. I'd
thought about doing this when we first decided to get authentication in place.
I opted not to do it for at least a couple reasons that I can remember:
1. The `Channelizer` abstraction might be enough of an abstraction. It's
not complex by any means - the core of `HttpChannelizer` is 20 lines of easily
readable code. If someone doesn't want basic auth, then just write a new
`Channelizer` and done. Personally, I'm not sure I want to see us expand
different kinds of HTTP auth in TinkerPop so `HttpChannelizer` with basic auth
seems good enough.
2. The configuration system required further pollution of the root of the
configuration file. It bugs me that we don't have `Channelizer` specific
configurations - e.g. you had to add `httpAuthHandlerClassName` to `Settings`
and that value has nothing to do with anything other than `HttpChannelizer`. If
you were configured for web sockets it would just be ignored. Not saying that
we don't have that issue at hand now (as I think we do), but I didn't want to
continue to proliferate it.
Anyway, I'd had it in my mind that solving 2 would make 1 more palatable as
something to do, but 2 hasn't come around yet and unless there is a neat way to
do it, it will come in as a breaking change to the Gremlin Server configuration
file.
So that's the basic history on this direction for auth configuration -
thoughts?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
