[
https://issues.apache.org/jira/browse/CALCITE-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16483197#comment-16483197
]
ASF GitHub Bot commented on CALCITE-2294:
-----------------------------------------
Github user karanmehta93 commented on a diff in the pull request:
https://github.com/apache/calcite-avatica/pull/48#discussion_r189741041
--- Diff:
server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java ---
@@ -239,18 +239,8 @@ protected void internalStart() {
server.setConnectors(new Connector[] { connector });
// Default to using the handler that was passed in
- final HandlerList handlerList = new HandlerList();
- Handler avaticaHandler = handler;
-
- // Wrap the provided handler for security if we made one
- if (null != securityHandler) {
- securityHandler.setHandler(handler);
- avaticaHandler = securityHandler;
- }
+ configureHandlers(securityHandler);
--- End diff --
> I like your suggestion, @apurtell! I was a bit reticent to suggest that
as, like you imply, it's a bit more work to set up all of those handlers on
your own
Agreed and that's probably the reason why I forgot abstracting them out as
well :)
> I'm still a bit curious if there's another "nicer" abstraction we could
provide from an API perspective that isn't full CUSTOM. For example, are there
more abstractions which would help us put the boilerplate into the
HttpServer.Builder and let you inject your SFDC specific authn/authz decisions?
I am just a little ignorant on the specifics of how your SFDC-specific thing
works. You can also just tell me to drop it and I'll stop poking :)
@joshelser I initially wanted to do that, however
`AvaticaServerConfiguration` is not abstracted out completely. I will file a
Jira to refactor the code and can make it better/generic. MTLS as a type of
authentication is a slight change to TLS part (where we configure
`ServerConnectors` to accept client certs). Even I want to push as much code
upstream as possible :)
> Allow customization for AvaticaServerConfiguration for plugging new
> authentication mechanisms
> ---------------------------------------------------------------------------------------------
>
> Key: CALCITE-2294
> URL: https://issues.apache.org/jira/browse/CALCITE-2294
> Project: Calcite
> Issue Type: Improvement
> Components: avatica
> Reporter: Karan Mehta
> Priority: Major
>
> {{AvaticaServerConfiguration}} is currently only created if authentication
> mechanism such as {{BASIC, DIGEST or SPNEGO}} is provided. We can change it
> to a builder pattern to create this object and provide a way for users to
> plugin their own security configuration.
> An example here can be using it for custom config that supports MTLS.
> Thanks [~alexaraujo] for suggesting this approach.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
