You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Karol Dudzinski (JIRA)" <ji...@apache.org> on 2015/03/16 11:39:38 UTC

[jira] [Created] (ZOOKEEPER-2143) Pass the operation and path to the AuthenticationProvider

Karol Dudzinski created ZOOKEEPER-2143:
------------------------------------------

             Summary: Pass the operation and path to the AuthenticationProvider
                 Key: ZOOKEEPER-2143
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2143
             Project: ZooKeeper
          Issue Type: Improvement
            Reporter: Karol Dudzinski


Currently, the AuthenticationProvider only gets passed the id of the client and the acl expression.  If one wishes to perform auth checks based on the action or path being acted on, that needs to be included in the acl expression.  This results in lots of potentially individual acl's being created which led us to find ZOOKEEPER-2141.  It would be great if both the action and path were passed to the AuthenticationProvider.

I understand that this needs to be completely backwards compatible.  One solution that comes to mind is to create an interface which extends AuthenticationProvider but adds a new matches which takes the additional parameters.  Internally, ZK would use the new interface everywhere.  To preserve compatibility, ProviderRegistry could check for classes implementing the original AuthenticationProvdier interface and wrap them to allow the new interface to be used everywhere internally.  Any thoughts on this approach?  Happy to provide a patch to demonstrate what I mean.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)