You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2019/08/06 12:20:04 UTC

[GitHub] [incubator-druid] nishantmonu51 opened a new pull request #8248: Add TrustedDomain Authenticator

nishantmonu51 opened a new pull request #8248: Add TrustedDomain Authenticator
URL: https://github.com/apache/incubator-druid/pull/8248
 
 
   Fixes #8217 .
   
   (If you are a committer, follow the PR action item checklist for committers:
   https://github.com/apache/incubator-druid/blob/master/dev/committer-instructions.md#pr-and-issue-action-item-checklist-for-committers.)
   
   ### Description
   
   Implement a TrustedDomainAuthenticator which allows traffic from pre-configured domain, Ip address to pass.
   Configurable properties for the authenticator -
   
   Implement a `TrustedDomainAuthenticator` which allows traffic from pre-configured domain, Ip address to pass. 
   
   Configurable properties for the authenticator - 
   * `druid.authenticator.<authenticator_name>.domain` (`required` =  `true`): trusted domain name or IP address, Authentication will be skipped for any connection coming from a host whose hostname ends with this domain name. If authentication is expected to be skipped for connections from only a given host, fully qualified hostname of that host needs to be specified.
   
   * `druid.authenticator.<authenticator_name>.useForwardedHeaders` : (`default`= `false`, `required` =  `false`) When trusted domain authentication is enabled, the clients connecting to druid could pass through many layers of proxy. Some proxies also append its own ip address to 'X-Forwarded-For' header before passing on the request to another proxy. Some proxies also connect on behalf of client. if this config is set to true and if 'X-Forwarded-For' is present, trusted domain authenticator will use left most ip address from X-Forwarded-For header.
   
   * `druid.authenticator.<authenticator_name>.identity` (`required` =  `true`) - The identity of the requester. 
   
   This PR has:
   - [X] been self-reviewed.
   - [X] added documentation for new or modified features or behaviors.
   - [X] added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
   - [X] added unit tests or modified existing tests to cover new code paths.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org