This is an automated email from the ASF dual-hosted git repository. markusthoemmes pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push: new d8c881a Use the authentication provider to retrieve the identity of the namespace. (#3892) d8c881a is described below commit d8c881a941ba692a2fc4811537c086d92360fc09 Author: Martin Henke <martin.he...@web.de> AuthorDate: Tue Jul 24 17:11:23 2018 +0200 Use the authentication provider to retrieve the identity of the namespace. (#3892) Unauthenticated web actions will use the authentication provider configured in the SPI to create the namespace based Identity --- .../controller/BasicAuthenticationDirective.scala | 4 ++++ .../scala/whisk/core/controller/RestAPIs.scala | 24 +++++++++++++++++++++- .../scala/whisk/core/controller/WebActions.scala | 7 ++++++- 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala b/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala index 90cf006..7bc5e32 100644 --- a/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala +++ b/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala @@ -73,6 +73,10 @@ object BasicAuthenticationDirective extends AuthenticationDirectiveProvider { } } + def identityByNamespace(namespace: EntityName)(implicit transid: TransactionId, authStore: AuthStore) = { + Identity.get(authStore, namespace) + } + def authenticate(implicit transid: TransactionId, authStore: AuthStore, logging: Logging): AuthenticationDirective[Identity] = { diff --git a/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala b/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala index cae3910..c21e112 100644 --- a/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala +++ b/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala @@ -40,7 +40,7 @@ import whisk.core.{ConfigKeys, WhiskConfig} import whisk.http.Messages import whisk.spi.{Spi, SpiLoader} -import scala.concurrent.ExecutionContext +import scala.concurrent.{ExecutionContext, Future} import scala.util.{Failure, Success, Try} /** @@ -320,7 +320,29 @@ class RestAPIVersion(config: WhiskConfig, apiPath: String, apiVersion: String)( } trait AuthenticationDirectiveProvider extends Spi { + + /** + * Returns an authentication directive used to validate the + * passed user credentials. + * At runtime the directive returns an user identity + * which is passed to the following routes. + * + * @return authentication directive used to verify the user credentials + */ def authenticate(implicit transid: TransactionId, authStore: AuthStore, logging: Logging): AuthenticationDirective[Identity] + + /** + * Retrieves an Identity based on a given namespace name. + * + * For use-cases of anonymous invocation (i.e. WebActions), + * we need to an identity based on a given namespace-name to + * give the invocation all the context needed. + * + * @param namespace the namespace that the identity will be based on + * @return identity based on the given namespace + */ + def identityByNamespace(namespace: EntityName)(implicit transid: TransactionId, + authStore: AuthStore): Future[Identity] } diff --git a/core/controller/src/main/scala/whisk/core/controller/WebActions.scala b/core/controller/src/main/scala/whisk/core/controller/WebActions.scala index 2878c66..f373a1f 100644 --- a/core/controller/src/main/scala/whisk/core/controller/WebActions.scala +++ b/core/controller/src/main/scala/whisk/core/controller/WebActions.scala @@ -55,6 +55,7 @@ import whisk.core.entity.types._ import whisk.http.ErrorResponse.terminate import whisk.http.Messages import whisk.http.LenientSprayJsonSupport._ +import whisk.spi.SpiLoader import whisk.utils.JsHelpers._ protected[controller] sealed class WebApiDirectives(prefix: String = "__ow_") { @@ -360,6 +361,9 @@ trait WhiskWebActionsApi extends Directives with ValidateRequestSize with PostAc /** Store for identities. */ protected val authStore: AuthStore + /** Configured authentication provider. */ + protected val authenticationProvider = SpiLoader.get[AuthenticationDirectiveProvider] + /** The prefix for web invokes e.g., /web. */ private lazy val webRoutePrefix = { pathPrefix(webInvokePathSegments.map(_segmentStringToPathMatcher(_)).reduceLeft(_ / _)) @@ -457,7 +461,8 @@ trait WhiskWebActionsApi extends Directives with ValidateRequestSize with PostAc * This method is factored out to allow mock testing. */ protected def getIdentity(namespace: EntityName)(implicit transid: TransactionId): Future[Identity] = { - Identity.get(authStore, namespace) + + authenticationProvider.identityByNamespace(namespace)(transid, authStore) } private def handleMatch(namespaceSegment: String,