Hi Som,
There are some examples in the unit tests of wiring up HTTP basic and
digest authentication via the provided Jetty implementations. These
aren't super useful in the real world (because our authentication
database is rarely a flat file).
There is a fine line between things we can cleanly do in Avatica
versus scope creep. For example, projects like Apache Knox have a
gateway whose sole purpose is to proxy RESTful services and provide
authentication to them. I think as long as providing
"batteries-included" authentication for Avatica doesn't detract for
its core mission (proxied JDBC over HTTP), then it would be a fine
addition.
One other concern I have is exposing Jetty-specific functionality via
Avatica public API. Because we cannot control Jetty API, we should not
have any Jetty classes in our public API. Karan had added some
ServerCustomizer logic in CALCITE-2294 which attempted to expose the
ability to configure Avatica for mTLS without polluting our API as an
example. I'd expect you could take a similar approach.
On Mon, Nov 11, 2019 at 3:54 PM Soman Ullah wrote:
>
> Hello everyone,
> Are there any implementations of AbstractAvaticaHandler which provides a
> method to add a custom servlet filter? I would like to add authentication
> based filters to requests that flow through the avatica driver.
> If this feature doesnt exist, is the community open towards accepting that
> as a feature?
>
> Thanks,
> Som
