This is an automated email from the ASF dual-hosted git repository.
cwylie pushed a commit to branch 0.19.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.19.0 by this push:
new 1be8b21 renamed authenticationChain to authenticatorChain (#10143)
(#10160)
1be8b21 is described below
commit 1be8b21ec7a360f87896b127c80834e077b45154
Author: Clint Wylie <[email protected]>
AuthorDate: Thu Jul 9 12:08:37 2020 -0700
renamed authenticationChain to authenticatorChain (#10143) (#10160)
Co-authored-by: Antoine Huret <[email protected]>
---
docs/configuration/index.md | 2 +-
docs/design/auth.md | 10 +++++-----
docs/development/extensions-core/druid-ranger-security.md | 2 +-
.../main/java/org/apache/druid/server/security/AuthConfig.java | 4 ++--
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/docs/configuration/index.md b/docs/configuration/index.md
index 70aaf93..f380b96 100644
--- a/docs/configuration/index.md
+++ b/docs/configuration/index.md
@@ -222,7 +222,7 @@ values for the above mentioned configs among others
provided by Java implementat
|Property|Type|Description|Default|Required|
|--------|-----------|--------|--------|--------|
|`druid.auth.authenticatorChain`|JSON List of Strings|List of Authenticator
type names|["allowAll"]|no|
-|`druid.escalator.type`|String|Type of the Escalator that should be used for
internal Druid communications. This Escalator must use an authentication scheme
that is supported by an Authenticator in
`druid.auth.authenticationChain`.|"noop"|no|
+|`druid.escalator.type`|String|Type of the Escalator that should be used for
internal Druid communications. This Escalator must use an authentication scheme
that is supported by an Authenticator in
`druid.auth.authenticatorChain`.|"noop"|no|
|`druid.auth.authorizers`|JSON List of Strings|List of Authorizer type names
|["allowAll"]|no|
|`druid.auth.unsecuredPaths`| List of Strings|List of paths for which security
checks will not be performed. All requests to these paths will be
allowed.|[]|no|
|`druid.auth.allowUnauthenticatedHttpOptions`|Boolean|If true, skip
authentication checks for HTTP OPTIONS requests. This is needed for certain use
cases, such as supporting CORS pre-flight requests. Note that disabling
authentication checks for OPTIONS requests will allow unauthenticated users to
determine what Druid endpoints are valid (by checking if the OPTIONS request
returns a 200 instead of 404), so enabling this option may reveal information
about server configuration, including [...]
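Review bot: The `druid.escalator.type` row corrected here also exists word for word in docs/design/auth.md, which is why the same wrong property name had to be fixed twice; suggest keeping the auth property table in one file and linking to it from the other. The two copies have already drifted: the `druid.auth.allowUnauthenticatedHttpOptions` context row in this file goes straight from the CORS sentence to the information-disclosure caveat, while the auth.md copy also tells the reader to add "OPTIONS" to `druid.server.http.allowedHttpMethods`.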
diff --git a/docs/design/auth.md b/docs/design/auth.md
index de40db6..9701f63 100644
--- a/docs/design/auth.md
+++ b/docs/design/auth.md
@@ -28,7 +28,7 @@ This document describes non-extension specific Apache Druid
authentication and a
|Property|Type|Description|Default|Required|
|--------|-----------|--------|--------|--------|
|`druid.auth.authenticatorChain`|JSON List of Strings|List of Authenticator
type names|["allowAll"]|no|
-|`druid.escalator.type`|String|Type of the Escalator that should be used for
internal Druid communications. This Escalator must use an authentication scheme
that is supported by an Authenticator in
`druid.auth.authenticationChain`.|"noop"|no|
+|`druid.escalator.type`|String|Type of the Escalator that should be used for
internal Druid communications. This Escalator must use an authentication scheme
that is supported by an Authenticator in
`druid.auth.authenticatorChain`.|"noop"|no|
|`druid.auth.authorizers`|JSON List of Strings|List of Authorizer type names
|["allowAll"]|no|
|`druid.auth.unsecuredPaths`| List of Strings|List of paths for which security
checks will not be performed. All requests to these paths will be
allowed.|[]|no|
|`druid.auth.allowUnauthenticatedHttpOptions`|Boolean|If true, allow HTTP
OPTIONS requests by unauthenticated users. This is primarily useful for
supporting CORS preflight requests, which Druid does not support directly, but
which can be enabled using third-party extensions.<br /><br />Note that you
must add "OPTIONS" to `druid.server.http.allowedHttpMethods`.<br /><br />Also
note that disabling authentication checks for OPTIONS requests will allow
unauthenticated users to determine what [...]
@@ -40,7 +40,7 @@ Authentication decisions are handled by a chain of
Authenticator instances. A re
Authenticator implementations are provided by extensions.
-For example, the following authentication chain definition enables the
Kerberos and HTTP Basic authenticators, from the `druid-kerberos` and
`druid-basic-security` core extensions, respectively:
+For example, the following authenticator chain definition enables the Kerberos
and HTTP Basic authenticators, from the `druid-kerberos` and
`druid-basic-security` core extensions, respectively:
```
druid.auth.authenticatorChain=["kerberos", "basic"]
@@ -59,7 +59,7 @@ This built-in Authenticator authenticates all requests, and
always directs them
### Anonymous authenticator
This built-in Authenticator authenticates all requests, and directs them to an
Authorizer specified in the configuration by the user. It is intended to be
used for adding a default level of access so
-the Anonymous Authenticator should be added to the end of the authentication
chain. A request that reaches the Anonymous Authenticator at the end of the
chain will succeed or fail depending on how the Authorizer linked to the
Anonymous Authenticator is configured.
+the Anonymous Authenticator should be added to the end of the authenticator
chain. A request that reaches the Anonymous Authenticator at the end of the
chain will succeed or fail depending on how the Authorizer linked to the
Anonymous Authenticator is configured.
|Property|Description|Default|Required|
|--------|-----------|-------|--------|
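Review bot: In the Anonymous authenticator paragraph, the reworded sentence says the authenticator "should be added to the end of the authenticator chain" but not what goes wrong if it is placed earlier. Because the text states that it "authenticates all requests", the paragraph should say explicitly what happens to authenticators listed after it, so that a reader understands a misplaced entry can hand the default level of access to requests that a later authenticator was meant to check. The sentence also runs on across "so the Anonymous Authenticator"; splitting it in two would read better.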
@@ -111,7 +111,7 @@
druid.auth.authenticator.trustedDomain.name=myTrustedAutenticator
## Escalator
The `druid.escalator.type` property determines what authentication scheme
should be used for internal Druid cluster communications (such as when a Broker
process communicates with Historical processes for query processing).
-The Escalator chosen for this property must use an authentication scheme that
is supported by an Authenticator in `druid.auth.authenticationChain`.
Authenticator extension implementers must also provide a corresponding
Escalator implementation if they intend to use a particular authentication
scheme for internal Druid communications.
+The Escalator chosen for this property must use an authentication scheme that
is supported by an Authenticator in `druid.auth.authenticatorChain`.
Authenticator extension implementers must also provide a corresponding
Escalator implementation if they intend to use a particular authentication
scheme for internal Druid communications.
### Noop escalator
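Review bot: The context line carried in this hunk's header, `druid.auth.authenticator.trustedDomain.name=myTrustedAutenticator`, still misspells "Authenticator" (missing "h"). Since this commit is a naming cleanup of the same document, fix that example value here too, so that readers who copy it do not end up with an authenticator name that differs from the one they type elsewhere.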
@@ -139,7 +139,7 @@ The Authorizer with type name "allowAll" accepts all
requests.
## Default Unsecured Configuration
-When `druid.auth.authenticationChain` is left empty or unspecified, Druid will
create an authentication chain with a single AllowAll Authenticator named
"allowAll".
+When `druid.auth.authenticatorChain` is left empty or unspecified, Druid will
create an authenticator chain with a single AllowAll Authenticator named
"allowAll".
When `druid.auth.authorizers` is left empty or unspecified, Druid will create
a single AllowAll Authorizer named "allowAll".
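Review bot: In "Default Unsecured Configuration", the removed line documented `druid.auth.authenticationChain` as the key whose absence yields the AllowAll authenticator, while the `@JsonProperty` name in AuthConfig.java is `authenticatorChain` both before and after this commit. If unrecognised keys under `druid.auth` are ignored rather than rejected, anyone who copied the old name from this page set a key the constructor does not bind, and by this same paragraph an unspecified chain falls back to "allowAll". Suggest a release note telling operators to check `common.runtime.properties` for the misspelled key, and consider logging a warning at startup when it is present.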
diff --git a/docs/development/extensions-core/druid-ranger-security.md
b/docs/development/extensions-core/druid-ranger-security.md
index cac8438..77f3eb9 100644
--- a/docs/development/extensions-core/druid-ranger-security.md
+++ b/docs/development/extensions-core/druid-ranger-security.md
@@ -36,7 +36,7 @@ Support for Apache Ranger authorization consists of three
elements:
* providing the service definition for Druid to Apache Ranger
### Enabling the extension
-Ensure that you have a valid authentication chain and escalator set in your
`common.runtime.properties`. For every authenticator your wish to use the
authorizer for, set
`druid.auth.authenticator.<authenticatorName>.authorizerName` to the name you
will give the authorizer, e.g. `ranger`.
+Ensure that you have a valid authenticator chain and escalator set in your
`common.runtime.properties`. For every authenticator your wish to use the
authorizer for, set
`druid.auth.authenticator.<authenticatorName>.authorizerName` to the name you
will give the authorizer, e.g. `ranger`.
Then add the following and amend to your needs (in case you need to use
multiple authorizers):
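Review bot: The added line in "Enabling the extension" keeps the typo "For every authenticator your wish to use the authorizer for"; it should read "you wish". As the line is being rewritten anyway, correct it in this change.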
diff --git
a/server/src/main/java/org/apache/druid/server/security/AuthConfig.java
b/server/src/main/java/org/apache/druid/server/security/AuthConfig.java
index 656b8b7..f588101 100644
--- a/server/src/main/java/org/apache/druid/server/security/AuthConfig.java
+++ b/server/src/main/java/org/apache/druid/server/security/AuthConfig.java
@@ -53,13 +53,13 @@ public class AuthConfig
@JsonCreator
public AuthConfig(
- @JsonProperty("authenticatorChain") List<String> authenticationChain,
+ @JsonProperty("authenticatorChain") List<String> authenticatorChain,
@JsonProperty("authorizers") List<String> authorizers,
@JsonProperty("unsecuredPaths") List<String> unsecuredPaths,
@JsonProperty("allowUnauthenticatedHttpOptions") boolean
allowUnauthenticatedHttpOptions
)
{
- this.authenticatorChain = authenticationChain;
+ this.authenticatorChain = authenticatorChain;
this.authorizers = authorizers;
this.unsecuredPaths = unsecuredPaths == null ? Collections.emptyList() :
unsecuredPaths;
this.allowUnauthenticatedHttpOptions = allowUnauthenticatedHttpOptions;
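Review bot: In the constructor body, `this.authenticatorChain = authenticatorChain;` and `this.authorizers = authorizers;` store whatever was passed, while `unsecuredPaths` two lines later is null-guarded with `Collections.emptyList()`. The docs in this same commit say an empty or unspecified chain results in a single "allowAll" authenticator, so that fallback must be applied somewhere else; add a comment here naming where the null or empty case is handled, or make the handling consistent with `unsecuredPaths`. The diffstat also shows no test touching the property binding, and a small test that deserialises `authenticatorChain` would keep the JSON name and the docs from drifting apart again.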