You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2019/08/01 14:57:24 UTC

[GitHub] [incubator-druid] nishantmonu51 opened a new issue #8217: Trusted Domain/IP address based authenticator for Druid

nishantmonu51 opened a new issue #8217: Trusted Domain/IP address based authenticator for Druid
URL: https://github.com/apache/incubator-druid/issues/8217
 
 
   ### Description
   Implement a `TrustedDomainAuthenticator` which allows traffic from pre-configured domain, Ip address to pass. 
   Configurable properties for the authenticator - 
   * `druid.authenticator.<authenticator_name>.domain` : trusted domain name or IP address, Authentication will be skipped for any connection coming from a host whose hostname ends with this domain name. If authentication is expected to be skipped for connections from only a given host, fully qualified hostname of that host needs to be specified.
   
   * `druid.authenticator.<authenticator_name>.useForwardedHeaders` : When trusted domain authentication is enabled, the clients connecting to druid could pass through many layers of proxy. Some proxies also append its own ip address to 'X-Forwarded-For' header before passing on the request to another proxy. Some proxies also connect on behalf of client. if this config is set to true and if 'X-Forwarded-For' is present, trusted domain authenticator will use left most ip address from X-Forwarded-For header.
   
   * `druid.authenticator.<authenticator_name>.identity` - The identity of the requester. 
   
   ### Motivation
   
   Use case is to be able to allow traffic from trusted hosts within the VPC/firewall in the druid cluster without additional authentication overheads.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org