[jira] [Commented] (ACCUMULO-1028) Distinguish the user principal from the authentication token

Sun, 03 Feb 2013 13:18:13 -0800 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13569896#comment-13569896
 ] 

Christopher Tubbs commented on ACCUMULO-1028:
---------------------------------------------

Another reason to pass the token as an object instead of a byte array is 
because we can then get the type (from the class name) to serialize in the 
thrift object, rather than rely on the external serialization to embed the type 
in a consistent way. We need this, because if we're going to do ACCUMULO-1027, 
we need to ensure the token is of the type the configured authentication 
mechanism supports, before we pass it along to it (unless we want to just fail 
with a generic "INVALID_TOKEN" message instead of the more descriptive 
"Authentication Token type is supported by the configured authentication 
plugin").
                
> Distinguish the user principal from the authentication token
> ------------------------------------------------------------
>
>                 Key: ACCUMULO-1028
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1028
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: master, tserver
>            Reporter: Christopher Tubbs
>            Assignee: John Vines
>             Fix For: 1.5.0
>
>
> The user principal is something that uniquely identifies a user. An 
> authentication token is the item that authenticates the user principal, may 
> be temporal, and may vary. It is not clear from the implementation of 
> ACCUMULO-259 that these are separate things, and I think it would benefit the 
> API to distinguish them.
> It could also simplify the API, for users transitioning from the old 
> authentication stuff to the new authentication stuff, because there would be 
> a one-to-one mapping with the username/password with which they are familiar:
> {code:java}
> public Connector getConnector(String username, byte[] password);
> {code}
> becomes
> {code:java}
> public <T extends AuthToken> Connector getConnector(Principal userPrincipal, 
> T authToken);
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to