[ https://issues.apache.org/jira/browse/KNOX-2411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on KNOX-2411 stopped by Sandor Molnar. ------------------------------------------- > Implement composite authentication provider > ------------------------------------------- > > Key: KNOX-2411 > URL: https://issues.apache.org/jira/browse/KNOX-2411 > Project: Apache Knox > Issue Type: New Feature > Components: Server > Affects Versions: 1.5.0 > Reporter: Sandor Molnar > Assignee: Sandor Molnar > Priority: Major > Fix For: 1.5.0 > > > End-users should have a way of having different authentication providers > bound to the same topology. For the first time, this _composite_ > authentication provider will default to the following behavior: > * this is going to be a new servlet Filter (just like other providers) > implementation > * as with all providers in the Knox gateway, the composite authentication > provider is configured through provider parameters > * only {{JWT}} and {{HadoopAuth}} authentication providers are supported > * in the {{doFilter}} method, there is going to be a check if the incoming > request has a valid JWT token (as a {{bearer}} token) extracted from the > {{Authorization}} header. If this is true, the request is then processed on > behalf of the user represented by the JWT token (using the existing JWT > federation provider). If there is no _valid_ JWT token, the new filter will > try to achieve authentication using the existing {{HadoopAuth}} > authentication filter. > Later on, this composite authentication provider can be extended with > different use-cases. -- This message was sent by Atlassian Jira (v8.3.4#803005)