> On Jan. 9, 2014, 10:38 a.m., Brian Wickman wrote: > > src/main/java/org/apache/aurora/scheduler/thrift/aop/UserCapabilityInterceptor.java, > > line 85 > > <https://reviews.apache.org/r/16710/diff/1/?file=418228#file418228line85> > > > > this confuses me -- isn't this doing the same thing as > > SessionKeyMechanismInterceptor?
It is - except it's only configured to intercept "admin" methods (methods that come from AuroraAdmin but not any of its superclasses). - Kevin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/16710/#review31445 ----------------------------------------------------------- On Jan. 7, 2014, 4:45 p.m., Kevin Sweeney wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/16710/ > ----------------------------------------------------------- > > (Updated Jan. 7, 2014, 4:45 p.m.) > > > Review request for Aurora, Suman Karumuri, Maxim Khutornenko, Bill Farner, > and Brian Wickman. > > > Repository: aurora > > > Description > ------- > > Support multiple simultaneous auth mechanisms. > > Currently the SessionKey thrift struct has a mechanism field that the > scheduler ignores. This change would make the scheduler enforce usage of this > field and dispatch the choice of auth mechanism to an > appropriately-registered handler. This change also adds a handler registry > (via a MapBinder) to allow for independent auth subsystems to register > without knowledge of each other. For example, an LDAP_SIMPLE_BIND mechanism > might contact an SSO server and be used by human users while an OAUTH2 > mechanism might be used by another service to perform automated quota > management. Each of these subsystems could be enabled and configured > independently and would coexist on the same cluster. > > > Diffs > ----- > > src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java > 0248c95745fb49f92c1b0db08b878adf9f863a3f > src/main/java/org/apache/aurora/scheduler/app/SchedulerMain.java > c69a2a6c57139f0ad27b1084a24354b80d2465c6 > > src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java > c1a11bdb91c5e764864324d26248d1783af8048b > src/main/java/org/apache/aurora/scheduler/thrift/aop/AopModule.java > 7c29094c138238ddf0d34d9f795b8aea8f17b421 > src/main/java/org/apache/aurora/scheduler/thrift/aop/Interceptors.java > ee22af10a469db1a3cc46d9092285977b5526f9e > > src/main/java/org/apache/aurora/scheduler/thrift/aop/LoggingInterceptor.java > e66a885302c492b9669e9b526edd7f3c2e9f3ef7 > > src/main/java/org/apache/aurora/scheduler/thrift/aop/SessionKeyMechanismInterceptor.java > PRE-CREATION > > src/main/java/org/apache/aurora/scheduler/thrift/aop/UserCapabilityInterceptor.java > 8e6e52d6418f5e6809f21b7ab83e6ead0f29be19 > src/main/java/org/apache/aurora/scheduler/thrift/auth/ThriftAuthModule.java > 1de64bc608d7e0191f81986166504a182374ada9 > > src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java > 91c1c24448092e1b3454844ab8074ed030383594 > src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java > cce27a0e37452f370a3729b6b05bf0bea29f85f6 > src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java > b510bf1222961329c4eae0a17ff0dfb274ee55a8 > > Diff: https://reviews.apache.org/r/16710/diff/ > > > Testing > ------- > > ./gradlew build > > > Thanks, > > Kevin Sweeney > >