[jira] [Commented] (TINKERPOP-1657) Provide abstraction to easily allow different HttpAuth schemes

Fri, 24 Mar 2017 08:33:10 -0700 

    [ 
https://issues.apache.org/jira/browse/TINKERPOP-1657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15940548#comment-15940548
 ] 

ASF GitHub Bot commented on TINKERPOP-1657:
-------------------------------------------

GitHub user krlohnes opened a pull request:

    https://github.com/apache/tinkerpop/pull/583

    TINKERPOP-1657 Provide abstraction to easily allow different HttpAuth 
schemes

    Abstracting over the http authentication allows for easy extensibility
    for users/implementors to provide their own classes for http auth beyond
    basic auth. The general issue is that there is a fixed overhead to
    hashing passwords securely. This change allows for implementing things
    like HMAC token auth and plugging them in easily to the gremlin server.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/krlohnes/tinkerpop 
abstraction_for_different_http_auths

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/tinkerpop/pull/583.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #583
    
----
commit 1c7a4b18fd63f30c9da9a2b3a211c8f6fad1c596
Author: Keith Lohnes <[email protected]>
Date:   2017-03-20T17:37:40Z

    Abstract over http auth for extensibility
    
    Abstracting over the http authentication allows for easy extensibility
    for users/implementors to provide their own classes for http auth beyond
    basic auth. The general issue is that there is a fixed overhead to
    hashing passwords securely. This change allows for implementing things
    like HMAC token auth and plugging them in easily to the gremlin server.

----


> Provide abstraction to easily allow different HttpAuth schemes
> --------------------------------------------------------------
>
>                 Key: TINKERPOP-1657
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1657
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: server
>            Reporter: Keith Lohnes
>
> The current HttpChannelizer allows for extension through an Authenticator 
> class supplied through the authorization settings. There isn't, however, an 
> extension point for an authentication handler. Currently the choice is 
> between the `AllowAllAuthenticator` or the `HttpBasicAuthenticationHandler`. 
> One would need to create a new channelizer where the HttpChannelizer would 
> suffice. Creating an abstract class that can be extended would make it easier 
> to extend Authentication for things like token authentication schemes.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to