[jira] [Commented] (TINKERPOP-1657) Provide abstraction to easily allow different HttpAuth schemes

Tue, 28 Mar 2017 10:00:10 -0700 

    [ 
https://issues.apache.org/jira/browse/TINKERPOP-1657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945548#comment-15945548
 ] 

ASF GitHub Bot commented on TINKERPOP-1657:
-------------------------------------------

Github user spmallette commented on the issue:

    https://github.com/apache/tinkerpop/pull/583
  
    > I think this abstraction could be applied fairly easily to the 
`WebSocketsChannelizer`
    
    You're right.
    
    > Well, it's not the root of the configuration file. It's under 
`authentication : { ... }`.
    
    sorry - i missed that and all the better that it can be generally applied 
to the `WebSocketChannelizer` as i agreed above. of course, given both of the 
above points, something doesn't feel right. Let me try to explain. It seems 
like we have a pluggable authentication schema already in SASL and now this 
pull request suggest that we make SASL pluggable. I think we just need to make 
the `HttpChannelizer` use SASL. Then if someone wants to do HMAC (or whatever 
custom security theme) they implement through SASL.  Does that make sense?
    
    > I think this PR is a small, iterative change that doesn't break anything.
    
    agreed - this PR is well scoped as it is. i didn't mean to suggest 
expanding it, especially now that i understand that the change isn't at the 
root of the yaml.



> Provide abstraction to easily allow different HttpAuth schemes
> --------------------------------------------------------------
>
>                 Key: TINKERPOP-1657
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1657
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: server
>            Reporter: Keith Lohnes
>
> The current HttpChannelizer allows for extension through an Authenticator 
> class supplied through the authorization settings. There isn't, however, an 
> extension point for an authentication handler. Currently the choice is 
> between the `AllowAllAuthenticator` or the `HttpBasicAuthenticationHandler`. 
> One would need to create a new channelizer where the HttpChannelizer would 
> suffice. Creating an abstract class that can be extended would make it easier 
> to extend Authentication for things like token authentication schemes.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to