[ https://issues.apache.org/jira/browse/MESOS-7530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gavin updated MESOS-7530:
-------------------------
Comment: was deleted
(was: www.rtat.net)
> HTTP authenticators modules never get the realm they are registered for
> -----------------------------------------------------------------------
>
> Key: MESOS-7530
> URL: https://issues.apache.org/jira/browse/MESOS-7530
> Project: Mesos
> Issue Type: Bug
> Components: modules, security
> Affects Versions: 1.3.0
> Reporter: Alexander Rojas
> Priority: Major
> Labels: mesosphere
>
> When someone creates a module to provide an HTTP authenticator, only in the
> master can it be registered for one of three realms:
> * {{READONLY_HTTP_AUTHENTICATION_REALM}}
> * {{READWRITE_HTTP_AUTHENTICATION_REALM}}
> * {{DEFAULT_HTTP_FRAMEWORK_AUTHENTICATION_REALM}}
> These realms are passed to the HTTP basic authenticator when it is
> constructed:
> {code}
> Result<process::http::authentication::Authenticator*>
> createBasicAuthenticator(
>     const string& realm,
>     const string& authenticatorName,
>     const Option<Credentials>& credentials)
> {
>   if (credentials.isNone()) {
>     return Error(
>         "No credentials provided for the default '" +
>         string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) +
>         "' HTTP authenticator for realm '" + realm + "'");
>   }
>   LOG(INFO) << "Creating default '"
>             << internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR
>             << "' HTTP authenticator for realm '" << realm << "'";
>   return BasicAuthenticatorFactory::create(realm, credentials.get());
> }
> {code}
> However, modules don't get to configure their configured realm at construction,
> and the API doesn't allow changing that afterwards:
> {code}
> Result<process::http::authentication::Authenticator*>
> createCustomAuthenticator(
>     const string& realm,
>     const string& authenticatorName)
> {
>   if (!modules::ModuleManager::contains<
>         process::http::authentication::Authenticator>(authenticatorName)) {
>     return Error(
>         "HTTP authenticator '" + authenticatorName + "' not found. "
>         "Check the spelling (compare to '" +
>         string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) +
>         "') or verify that the authenticator was loaded "
>         "successfully (see --modules)");
>   }
>   LOG(INFO) << "Creating '" << authenticatorName << "' HTTP authenticator "
>             << "for realm '" << realm << "'";
>   return modules::ModuleManager::create<
>       process::http::authentication::Authenticator>(authenticatorName);
> }
> {code}
> Since the same authenticator module is used for all the realms, it is
> impossible to provide one authenticator per realm if using modules.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
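
The effect described in the report, as an added, self-contained model that is not Mesos code and not part of the original message: a factory that receives the realm but does not hand it to the module instance, next to one that forwards it. ModuleAuthenticator, createRealmBlind, createRealmAware, the realm names and the principals are all assumptions made for illustration; failing closed when no realm is known is a choice of this model.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>

// Constructed sample policy: realm -> principals allowed to authenticate.
// Realm names and principals are illustrative, not Mesos constants.
static const std::map<std::string, std::set<std::string>> kPolicy = {
  {"readonly", {"viewer", "admin"}},
  {"readwrite", {"admin"}},
};

// Stand-in for a module-provided authenticator (not the Mesos interface).
class ModuleAuthenticator {
public:
  explicit ModuleAuthenticator(std::string realm) : realm_(std::move(realm)) {}

  // Accepts a principal only if the policy for this instance's realm lists
  // it. Without a realm no policy can be selected, so the model fails closed.
  bool authenticate(const std::string& principal) const {
    auto it = kPolicy.find(realm_);
    return it != kPolicy.end() && it->second.count(principal) > 0;
  }

  const std::string& realm() const { return realm_; }

private:
  std::string realm_;
};

// Same shape as createCustomAuthenticator in the report: the realm reaches
// the factory function but is not handed to the module instance.
std::unique_ptr<ModuleAuthenticator> createRealmBlind(const std::string& realm) {
  (void)realm;
  return std::unique_ptr<ModuleAuthenticator>(new ModuleAuthenticator(""));
}

// Hypothetical alternative: the realm is forwarded at construction.
std::unique_ptr<ModuleAuthenticator> createRealmAware(const std::string& realm) {
  return std::unique_ptr<ModuleAuthenticator>(new ModuleAuthenticator(realm));
}

int main() {
  std::cout << createRealmBlind("readonly")->authenticate("viewer")    // 0
            << createRealmAware("readonly")->authenticate("viewer")    // 1
            << createRealmAware("readwrite")->authenticate("viewer")   // 0
            << "\n";
}
```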