[
https://issues.apache.org/jira/browse/ZOOKEEPER-2143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jordan Zimmerman resolved ZOOKEEPER-2143.
-----------------------------------------
Resolution: Implemented
Note: this has been merged into ZOOKEEPER-1525
> Pass the operation and path to the AuthenticationProvider
> ---------------------------------------------------------
>
> Key: ZOOKEEPER-2143
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2143
> Project: ZooKeeper
> Issue Type: Sub-task
> Reporter: Karol Dudzinski
>
> Currently, the AuthenticationProvider only gets passed the id of the client
> and the acl expression. If one wishes to perform auth checks based on the
> action or path being acted on, that needs to be included in the acl
> expression. This results in lots of potentially individual acl's being
> created which led us to find ZOOKEEPER-2141. It would be great if both the
> action and path were passed to the AuthenticationProvider.
> I understand that this needs to be completely backwards compatible. One
> solution that comes to mind is to create an interface which extends
> AuthenticationProvider but adds a new matches which takes the additional
> parameters. Internally, ZK would use the new interface everywhere. To
> preserve compatibility, ProviderRegistry could check for classes implementing
> the original AuthenticationProvdier interface and wrap them to allow the new
> interface to be used everywhere internally. Any thoughts on this approach?
> Happy to provide a patch to demonstrate what I mean.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
