himanshug commented on a change in pull request #8248: Add TrustedDomain Authenticator URL: https://github.com/apache/incubator-druid/pull/8248#discussion_r326293913
########## File path: docs/design/auth.md ########## @@ -80,6 +80,34 @@ druid.auth.authenticator.anonymous.authorizerName=myBasicAuthorizer # ... usual configs for basic authentication would go here ... ``` +### Trusted domain Authenticator + +This built-in Trusted Domain Authenticator authenticates requests originating from the configured trusted domain, and directs them to an Authorizer specified in the configuration by the user. It is intended to be used for adding a default level of trust and allow access for hosts within same domain. + +|Property|Description|Default|Required| +|--------|-----------|-------|--------| +|`druid.auth.authenticator.<authenticatorName>.name`|authenticator name.|N/A|Yes| +|`druid.auth.authenticator.<authenticatorName>.domain`|Trusted Domain from which requests should be authenticated. If authentication is allowed for connections from only a given host, fully qualified hostname of that host needs to be specified.|N/A|Yes| +|`druid.auth.authenticator.<authenticatorName>.useForwardedHeaders`|Clients connecting to druid could pass through many layers of proxy. Some proxies also append its own ip address to 'X-Forwarded-For' header before passing on the request to another proxy. Some proxies also connect on behalf of client. If this config is set to true and if 'X-Forwarded-For' is present, trusted domain authenticator will use left most host name from X-Forwarded-For header. Note: It is possible to spoof X-Forwarded-For headers in HTTP requests, enable this with caution.|false|No| Review comment: also need to add "IP" in `website/.spelling` file for fixing doc build ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org For additional commands, e-mail: commits-h...@druid.apache.org