Sandor Molnar created KNOX-2411:
-----------------------------------
Summary: Implement composite authentication provider
Key: KNOX-2411
URL: https://issues.apache.org/jira/browse/KNOX-2411
Project: Apache Knox
Issue Type: New Feature
Components: Server
Affects Versions: 1.5.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 1.5.0
End-users should have a way of having different authentication providers bound
to the same topology. For the first time, this _composite_ authentication
provider will default to the following behavior:
* this is going to be a new servlet Filter (just like other providers)
implementation
* as with all providers in the Knox gateway, the composite authentication
provider is configured through provider parameters
* only {{JWT}} and {{HadoopAuth}} authentication providers are supported
* in the {{doFilter}} method, there is going to be a check if the incoming
request has a valid JWT token (as a {{bearer}} token) extracted from the
{{Authorization}} header. If this is true, the request is then processed on
behalf of the user represented by the JWT token (using the existing JWT
federation provider). If there is no _valid_ JWT token, the new filter will try
to achieve authentication using the existing {{HadoopAuth}} authentication
filter.
Later on, this composite authentication provider can be extended with different
use-cases.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
