[ https://issues.apache.org/jira/browse/MESOS-7530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam B updated MESOS-7530: -------------------------- Labels: mesosphere (was: ) > HTTP authenticators modules never get the realm they are registered for > ----------------------------------------------------------------------- > > Key: MESOS-7530 > URL: https://issues.apache.org/jira/browse/MESOS-7530 > Project: Mesos > Issue Type: Bug > Components: modules, security > Affects Versions: 1.3.0 > Reporter: Alexander Rojas > Labels: mesosphere > > When someone creates a module to provide HTTP Authenticator, only in the > master it can be register for one of three realms: > * {{READONLY_HTTP_AUTHENTICATION_REALM}} > * {{READWRITE_HTTP_AUTHENTICATION_REALM}} > * {{DEFAULT_HTTP_FRAMEWORK_AUTHENTICATION_REALM}} > These realms are passed to the HTTP basic authenticator when it is > constructed: > {code} > Result<process::http::authentication::Authenticator*> > createBasicAuthenticator( > const string& realm, > const string& authenticatorName, > const Option<Credentials>& credentials) > { > if (credentials.isNone()) { > return Error( > "No credentials provided for the default '" + > string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) + > "' HTTP authenticator for realm '" + realm + "'"); > } > LOG(INFO) << "Creating default '" > << internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR > << "' HTTP authenticator for realm '" << realm << "'"; > return BasicAuthenticatorFactory::create(realm, credentials.get()); > } > {code} > However modules don't get to configure their configured realm at construction > and the API doesn't allow to change that afterwards: > {code} > Result<process::http::authentication::Authenticator*> > createCustomAuthenticator( > const string& realm, > const string& authenticatorName) > { > if (!modules::ModuleManager::contains< > process::http::authentication::Authenticator>(authenticatorName)) { > return Error( > "HTTP authenticator '" + authenticatorName + "' not found. " > "Check the spelling (compare to '" + > string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) + > "') or verify that the authenticator was loaded " > "successfully (see --modules)"); > } > LOG(INFO) << "Creating '" << authenticatorName << "' HTTP authenticator " > << "for realm '" << realm << "'"; > return modules::ModuleManager::create< > process::http::authentication::Authenticator>(authenticatorName); > } > {code} > Since the same authenticator module is used for all the realms, it is > impossible to provide one authenticator per realm if using modules. -- This message was sent by Atlassian JIRA (v6.3.15#6346)