You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Jordan Zimmerman (JIRA)" <ji...@apache.org> on 2016/10/06 13:30:21 UTC
[jira] [Resolved] (ZOOKEEPER-2143) Pass the operation and path to
the AuthenticationProvider
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jordan Zimmerman resolved ZOOKEEPER-2143.
-----------------------------------------
Resolution: Implemented
Note: this has been merged into ZOOKEEPER-1525
> Pass the operation and path to the AuthenticationProvider
> ---------------------------------------------------------
>
> Key: ZOOKEEPER-2143
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2143
> Project: ZooKeeper
> Issue Type: Sub-task
> Reporter: Karol Dudzinski
>
> Currently, the AuthenticationProvider only gets passed the id of the client and the acl expression. If one wishes to perform auth checks based on the action or path being acted on, that needs to be included in the acl expression. This results in lots of potentially individual acl's being created which led us to find ZOOKEEPER-2141. It would be great if both the action and path were passed to the AuthenticationProvider.
> I understand that this needs to be completely backwards compatible. One solution that comes to mind is to create an interface which extends AuthenticationProvider but adds a new matches which takes the additional parameters. Internally, ZK would use the new interface everywhere. To preserve compatibility, ProviderRegistry could check for classes implementing the original AuthenticationProvdier interface and wrap them to allow the new interface to be used everywhere internally. Any thoughts on this approach? Happy to provide a patch to demonstrate what I mean.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)