Michael Allen created ACCUMULO-1929: ---------------------------------------
Summary: Current auth/auth/perm API doesn't well support multiple authentication domains Key: ACCUMULO-1929 URL: https://issues.apache.org/jira/browse/ACCUMULO-1929 Project: Accumulo Issue Type: Bug Reporter: Michael Allen The current {{Authenticator}} / {{Authorizor}} / {{PermissionHandler}} API doesn't provide a good method to support multiple authentication domains. While the {{Authenticator}} object accepts abstract {{AuthenticationToken}} objects which can be used to point a request towards a particular domain (by including domain-specific knowledge in the token subclass), the {{Authorizor}} and {{PermissionHandler}} objects share no such abstract class. A call like {{Authorizor.getCachedUserAuthorization(String user)}} can't tell if the user in question is the user for domain 1, 2, 3, and so on, without having the rest of the system play some crazy tricks to encode that string in some unnatural way. One simple-ish solution is pass the {{AuthenticationToken}} object on to more than one call in the {{Authenticator}} / {{Authorizor}} / {{PermissionHandler}} system. That way, its domain knowledge can travel through to the other parts and be used to route requests accordingly. -- This message was sent by Atlassian JIRA (v6.1#6144)