-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33659/#review82002
-----------------------------------------------------------



docs/security.md
<https://reviews.apache.org/r/33659/#comment132578>

    The only weird thing is that IniRealm handles both AUTHN and AUTHZ. So there's a potential misconfiguration:
    
    ```
    -shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHZ
    -http_authentication_mechanism=BASIC
    ```
    
    This will cause IniRealm to get passed UsernamePasswordCredentials from Basic auth (and thus perform authentication), with Kerberos completely dark. How would you feel about naming this INI_AUTHNZ with a TODO to create INI_AUTHN and INI_AUTHZ realms that will only participate in one stage?


- Kevin Sweeney


On April 28, 2015, 9:45 p.m., Bill Farner wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33659/
> -----------------------------------------------------------
> 
> (Updated April 28, 2015, 9:45 p.m.)
> 
> 
> Review request for Aurora and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1290
>     https://issues.apache.org/jira/browse/AURORA-1290
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> I initially went down the path of a custom `Parser` that extended 
> `ModuleParser`, but it turns out that doesn't work.  Parsers are identified 
> by type, and a specific parser on the `@CmdLine` arg would have to 
> reimplement the guts of `SetParser`.  As a result, I decided it was more sane 
> to bake the shorthand list in our canonical parser of modules.
> 
> 
> Diffs
> -----
> 
>   docs/security.md db2e92495661800ef513334568810f16fcf513e1 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf ef502b7dcc48c716f71ab5ce920084917564f6ff 
>   src/main/java/org/apache/aurora/scheduler/http/api/security/ModuleParser.java c96821683b4569977d6d2b8ed657b0625bdd1903 
> 
> Diff: https://reviews.apache.org/r/33659/diff/
> 
> 
> Testing
> -------
> 
> End-to-end tests pass.
> 
> 
> Thanks,
> 
> Bill Farner
> 
>
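
The mismatch raised in the review comment above can be caught by a lint over the scheduler flags before start-up. This is an added example, not part of the thread or of Aurora's code: the realm table, the credential labels (`username_password`, `kerberos`), the `NEGOTIATE` mapping and the function names are assumptions, in a simplified model where each HTTP mechanism hands the realms one kind of credential.

```python
# Simplified model (assumption): for each realm shorthand, the credential
# kinds it will authenticate. Per the review comment, the INI realm accepts
# username/password credentials even though its shorthand says AUTHZ.
REALM_AUTHN_ACCEPTS = {
    "KERBEROS5_AUTHN": {"kerberos"},
    "INI_AUTHZ": {"username_password"},
}
# Credential kind each HTTP mechanism produces (assumption).
MECHANISM_CREDENTIAL = {"BASIC": "username_password", "NEGOTIATE": "kerberos"}


def parse_flags(args):
    """Turn ['-name=value', ...] into {'name': 'value'}."""
    return dict(a.lstrip("-").split("=", 1) for a in args)


def audit(args):
    """Return (realm, problem) findings for a realm/mechanism combination."""
    flags = parse_flags(args)
    mechanism = flags["http_authentication_mechanism"]
    if mechanism not in MECHANISM_CREDENTIAL:
        raise ValueError("unknown mechanism: " + mechanism)
    credential = MECHANISM_CREDENTIAL[mechanism]
    findings, authenticators = [], 0
    for realm in flags["shiro_realm_modules"].split(","):
        if realm not in REALM_AUTHN_ACCEPTS:
            findings.append((realm, "unknown"))
            continue
        accepts = credential in REALM_AUTHN_ACCEPTS[realm]
        authenticators += accepts
        if realm.endswith("_AUTHN") and not accepts:
            # Configured for authentication but never consulted ("dark").
            findings.append((realm, "dark"))
        if realm.endswith("_AUTHZ") and accepts:
            # Named as authorization-only, yet it will authenticate users.
            findings.append((realm, "authenticates"))
    if authenticators == 0:
        findings.append(("*", "no_authn_realm"))
    return findings


if __name__ == "__main__":
    # Constructed input: the flag pair quoted in the review comment.
    flags = ["-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHZ",
             "-http_authentication_mechanism=BASIC"]
    for realm, problem in audit(flags):
        print(realm, problem)
```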
