[jira] [Commented] (EAGLE-582) register simple Basic Authentication to server application

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/EAGLE-582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15571152#comment-15571152
 ] 

ASF GitHub Bot commented on EAGLE-582:
--------------------------------------

Github user anyway1021 commented on the issue:

    https://github.com/apache/incubator-eagle/pull/468
  
    @haoch 
    @all
    
    Would like to merge but because some new classes are added to support 
switching authentication without modifying code, I think it may be better to 
ask you to review again.
    
    The reason of doing this is:
    1. dropwizard 0.7.1 only supports @Auth annotation to mark authentication 
on additional User argument of REST resource methods, means if we'd like a REST 
path be authenticated, we should add a parameter to the method, such as "public 
List list(@Auth User user)". In this way, any REST resource we don't want to 
authenticate could only be freed by removing the parameter.
    
    2. Currently, while registering the Authenticators, by default API, we 
would register a BasicAuthProvider that doesn't support switching 
authentication on or off. People may think, we could skip registering it when 
we want to switch off the authentication, however, this approach would cause 
4xx http error for unable to map the coded "@Auth" parameters correctly.
    
    3. Based on the above 2, I  create a SwitchableBasicAuthProvider to involve 
switching configuration, and by registering this provider on starting the 
server, people could configure a param "enabled=true|false" in 
configuration.yml, to enable|disable authentication, without having to change 
code, re-compile, or re-deploy.
    
    Besides, to make other projects able to depend on class User, I moved it 
from eagle-server to eagle-common under package: 
org.apache.eagle.common.authentication, please consider if it's appropriate, 
thanks.
    
    Hopefully it's not a redundant modification. 
    
    Michael


> register simple Basic Authentication to server application
> ----------------------------------------------------------
>
>                 Key: EAGLE-582
>                 URL: https://issues.apache.org/jira/browse/EAGLE-582
>             Project: Eagle
>          Issue Type: Sub-task
>    Affects Versions: v0.5.0
>            Reporter: Michael Wu
>            Assignee: Michael Wu
>             Fix For: v0.5.0
>
>
> simple basic authentication with just some expected username-password pairs 
> configured for the application.
> This is one of the sub-tasks of ticket EAGLE-433, to successfully register a 
> simple Basic Authentication authenticator to the server application.
> With this check-in, when the server is up, any access to rest api method that 
> has a @Auth annotation on it's User field will require correct credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)