Karol Dudzinski created ZOOKEEPER-2143:
------------------------------------------
Summary: Pass the operation and path to the AuthenticationProvider
Key: ZOOKEEPER-2143
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2143
Project: ZooKeeper
Issue Type: Improvement
Reporter: Karol Dudzinski
Currently, the AuthenticationProvider only gets passed the id of the client and
the acl expression. If one wishes to perform auth checks based on the action
or path being acted on, that needs to be included in the acl expression. This
results in lots of potentially individual acl's being created which led us to
find ZOOKEEPER-2141. It would be great if both the action and path were passed
to the AuthenticationProvider.
I understand that this needs to be completely backwards compatible. One
solution that comes to mind is to create an interface which extends
AuthenticationProvider but adds a new matches which takes the additional
parameters. Internally, ZK would use the new interface everywhere. To
preserve compatibility, ProviderRegistry could check for classes implementing
the original AuthenticationProvdier interface and wrap them to allow the new
interface to be used everywhere internally. Any thoughts on this approach?
Happy to provide a patch to demonstrate what I mean.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
