2009/11/12 Ted Zlatanov <[email protected]>: > On Wed, 11 Nov 2009 16:14:09 -0800 Anthony Molinaro > <[email protected]> wrote: > > AM> How will authentication work with non-java clients? I don't think thrift > AM> itself has authentication built in, and it sounds like a java library is > AM> being proposed for the guts. Will it still be possible to connect from > AM> a non-java client or will the thrift interface be deprecated? > > The client will login with a Map<String,String> of login tokens and get > an auth token (probably a String containing a UUID) back. The token > will be valid for the duration of the client connection and will grant > access to a single keyspace. Effectively, the token replaces the old > Keyspace argument in all Thrift API calls.
I'd really prefer to just keep that around in a threadlocal. There's no reason for a client to continue passing a token w/ each call that the server already knows. > I am thinking of allowing dual operation where if you pass a keyspace > name without login, it works on servers that don't have authentication > enabled. The default should definitely be, "don't break people who don't need the new feature more than necessary." So the default should be "accept any client to any keyspace." -Jonathan
