[ https://issues.apache.org/jira/browse/ZOOKEEPER-2143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jordan Zimmerman resolved ZOOKEEPER-2143. ----------------------------------------- Resolution: Implemented Note: this has been merged into ZOOKEEPER-1525 > Pass the operation and path to the AuthenticationProvider > --------------------------------------------------------- > > Key: ZOOKEEPER-2143 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2143 > Project: ZooKeeper > Issue Type: Sub-task > Reporter: Karol Dudzinski > > Currently, the AuthenticationProvider only gets passed the id of the client > and the acl expression. If one wishes to perform auth checks based on the > action or path being acted on, that needs to be included in the acl > expression. This results in lots of potentially individual acl's being > created which led us to find ZOOKEEPER-2141. It would be great if both the > action and path were passed to the AuthenticationProvider. > I understand that this needs to be completely backwards compatible. One > solution that comes to mind is to create an interface which extends > AuthenticationProvider but adds a new matches which takes the additional > parameters. Internally, ZK would use the new interface everywhere. To > preserve compatibility, ProviderRegistry could check for classes implementing > the original AuthenticationProvdier interface and wrap them to allow the new > interface to be used everywhere internally. Any thoughts on this approach? > Happy to provide a patch to demonstrate what I mean. -- This message was sent by Atlassian JIRA (v6.3.4#6332)