markusthoemmes commented on a change in pull request #2517: Support client
certificate verify on server side
URL:
https://github.com/apache/incubator-openwhisk/pull/2517#discussion_r131126899
##########
File path: core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala
##########
@@ -160,7 +160,7 @@ protected[controller] class RestAPIVersion(apipath:
String, apiversion: String)(
sendCorsHeaders {
(pathEndOrSingleSlash & get) {
complete(OK, info)
- } ~ authenticate(basicauth) {
+ } ~ (authenticate(basicauth) | authenticate(certificateAuth)) {
Review comment:
That tightly couples the security of the Controller to having an nginx with
that exact configuration running in front of it. I don't think that is
desirable. Also, when you deploy a system using cert authentication, you'll
always have the overhead of also checking basic auth unnecessarily.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
