Michael Allen created ACCUMULO-1929:
---------------------------------------
Summary: Current auth/auth/perm API doesn't well support multiple
authentication domains
Key: ACCUMULO-1929
URL: https://issues.apache.org/jira/browse/ACCUMULO-1929
Project: Accumulo
Issue Type: Bug
Reporter: Michael Allen

The current {{Authenticator}} / {{Authorizor}} / {{PermissionHandler}} API
doesn't provide a good method to support multiple authentication domains.
While the {{Authenticator}} object accepts abstract {{AuthenticationToken}}
objects which can be used to point a request towards a particular domain (by
including domain-specific knowledge in the token subclass), the {{Authorizor}}
and {{PermissionHandler}} objects share no such abstract class. A call like
{{Authorizor.getCachedUserAuthorization(String user)}} can't tell if the user
in question is the user for domain 1, 2, 3, and so on, without having the rest
of the system play some crazy tricks to encode that string in some unnatural
way.

One simple-ish solution is to pass the {{AuthenticationToken}} object on to more
than one call in the {{Authenticator}} / {{Authorizor}} /
{{PermissionHandler}} system. That way, its domain knowledge can travel
through to the other parts and be used to route requests accordingly.
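
The ambiguity described in this report, and the proposed routing by token, shown as an added sketch that is not Accumulo code and not part of the original message. The classes `DomainToken`, `StringKeyedAuthorizor` and `TokenAwareAuthorizor`, the domain names and the user "alice" are all hypothetical; the sketch assumes Java 9 or later.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class MultiDomainAuthSketch {
    // Hypothetical stand-in for an AuthenticationToken subclass that carries domain knowledge.
    static final class DomainToken {
        final String domain, principal;
        DomainToken(String domain, String principal) { this.domain = domain; this.principal = principal; }
    }

    // Shape of the problem: the lookup sees only the user string, so domains cannot be told apart.
    static final class StringKeyedAuthorizor {
        private final Map<String, Set<String>> auths = new HashMap<>();
        void grant(String user, Set<String> a) { auths.put(user, a); }
        Set<String> getCachedUserAuthorization(String user) { return auths.getOrDefault(user, Set.of()); }
    }

    // Shape of the proposal: the token travels with the call and selects a per-domain backend.
    static final class TokenAwareAuthorizor {
        private final Map<String, StringKeyedAuthorizor> byDomain = new HashMap<>();
        void grant(DomainToken t, Set<String> a) {
            byDomain.computeIfAbsent(t.domain, d -> new StringKeyedAuthorizor()).grant(t.principal, a);
        }
        Set<String> getCachedUserAuthorization(DomainToken t) {
            StringKeyedAuthorizor backend = byDomain.get(t.domain);
            // Unknown domain: return no authorizations instead of falling back to another domain.
            return backend == null ? Set.of() : backend.getCachedUserAuthorization(t.principal);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: the same user name exists in two domains.
        DomainToken first = new DomainToken("domain1", "alice");
        DomainToken second = new DomainToken("domain2", "alice");

        StringKeyedAuthorizor flat = new StringKeyedAuthorizor();
        flat.grant(first.principal, Set.of("secret", "public"));
        flat.grant(second.principal, Set.of("public")); // silently replaces domain1's entry
        System.out.println("string-keyed alice: " + flat.getCachedUserAuthorization("alice"));

        TokenAwareAuthorizor routed = new TokenAwareAuthorizor();
        routed.grant(first, Set.of("secret", "public"));
        routed.grant(second, Set.of("public"));
        System.out.println("domain1 alice: " + routed.getCachedUserAuthorization(first));
        System.out.println("domain2 alice: " + routed.getCachedUserAuthorization(second));
        System.out.println("domain3 alice: " + routed.getCachedUserAuthorization(new DomainToken("domain3", "alice")));
    }
}
```

In the string-keyed case the two "alice" accounts share one entry, so whichever domain was written last decides the authorizations for both.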