[
https://issues.apache.org/jira/browse/ACCUMULO-1929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13833331#comment-13833331
]
Christopher Tubbs commented on ACCUMULO-1929:
---------------------------------------------
This issue would be addressed by my anticipated implementation of
ACCUMULO-1300... but if you'd feel more comfortable leaving it open and
"related" rather than closed and marked as a duplicate, that works for me.
I'm opposed to implementing in 1.6.0, because we've already addressed the
feature set for 1.6.0, and this isn't a bugfix.
> Current auth/auth/perm API doesn't well support multiple authentication
> domains
> -------------------------------------------------------------------------------
>
> Key: ACCUMULO-1929
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1929
> Project: Accumulo
> Issue Type: Bug
> Reporter: Michael Allen
> Assignee: Christopher Tubbs
>
> The current {{Authenticator}} / {{Authorizor}} / {{PermissionHandler}} API
> doesn't provide a good method to support multiple authentication domains.
> While the {{Authenticator}} object accepts abstract {{AuthenticationToken}}
> objects which can be used to point a request towards a particular domain (by
> including domain-specific knowledge in the token subclass), the
> {{Authorizor}} and {{PermissionHandler}} objects share no such abstract
> class. A call like {{Authorizor.getCachedUserAuthorization(String user)}}
> can't tell if the user in question is the user for domain 1, 2, 3, and so on,
> without having the rest of the system play some crazy tricks to encode that
> string in some unnatural way.
> One simple-ish solution is pass the {{AuthenticationToken}} object on to more
> than one call in the {{Authenticator}} / {{Authorizor}} /
> {{PermissionHandler}} system. That way, its domain knowledge can travel
> through to the other parts and be used to route requests accordingly.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
