peng.jianhua created KYLIN-2960:
-----------------------------------
Summary: We should submit a new feature that it support the
authentication for user and role and the authentication for user and group when
the LDAP authentication was enabled.
Key: KYLIN-2960
URL: https://issues.apache.org/jira/browse/KYLIN-2960
Project: Kylin
Issue Type: New Feature
Components: General
Reporter: peng.jianhua
Assignee: peng.jianhua
Currently, the user authentication interface that was provided by kylin to the
third party only supports user and role authentication. However only user and
group have authentication function when we use the LDAP authentication. In fact
the authentication for user and role and the authentication for user and group
have the same functional characteristics between different appplication system.
So we should submit a new feature that it support the authentication for user
and role and the authentication for user and group when the LDAP authentication
was enabled.
We supplied the checkPermission interface to implement the new feature. In the
interface we set user groups information to the userRoles parameter when the
LDAP was enabled, on the contrary we set user roles information to the
userRoles parameter. The interface is as following:
/**
* Checks if a user has permission on an entity.
*
* @param user
* @param userRoles
* @param entityType String constants defined in AclEntityType
* @param entityUuid
* @param permission
*
* @return true if has permission
*/
abstract public boolean checkPermission(String user, List<String> userRoles, //
String entityType, String entityUuid, Permission permission);
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
