Mesos / MESOS-7530

HTTP authenticator modules never get the realm they are registered for

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.3.0
    • None
    • modules, security

    Description

      When someone creates a module to provide an HTTP authenticator, it can be registered, only in the master, for one of three realms:

      • READONLY_HTTP_AUTHENTICATION_REALM
      • READWRITE_HTTP_AUTHENTICATION_REALM
      • DEFAULT_HTTP_FRAMEWORK_AUTHENTICATION_REALM

      These realms are passed to the HTTP basic authenticator when it is constructed:

      Result<process::http::authentication::Authenticator*> createBasicAuthenticator(
          const string& realm,
          const string& authenticatorName,
          const Option<Credentials>& credentials)
      {
        if (credentials.isNone()) {
          return Error(
              "No credentials provided for the default '" +
              string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) +
              "' HTTP authenticator for realm '" + realm + "'");
        }
      
        LOG(INFO) << "Creating default '"
                  << internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR
                  << "' HTTP authenticator for realm '" << realm << "'";
      
        return BasicAuthenticatorFactory::create(realm, credentials.get());
      }
      

      However, modules don't get to configure their realm at construction, and the API doesn't allow changing that afterwards:

      Result<process::http::authentication::Authenticator*> createCustomAuthenticator(
          const string& realm,
          const string& authenticatorName)
      {
        if (!modules::ModuleManager::contains<
              process::http::authentication::Authenticator>(authenticatorName)) {
          return Error(
              "HTTP authenticator '" + authenticatorName + "' not found. "
              "Check the spelling (compare to '" +
              string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) +
              "') or verify that the authenticator was loaded "
              "successfully (see --modules)");
        }
      
        LOG(INFO) << "Creating '" << authenticatorName << "' HTTP authenticator "
                  << "for realm '" << realm << "'";
      
        return modules::ModuleManager::create<
            process::http::authentication::Authenticator>(authenticatorName);
      }
      

      Since the same authenticator module is used for all the realms, it is impossible to provide one authenticator per realm if using modules.
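
      A stand-alone C++ model of the two construction paths quoted above, added here as an illustration and not taken from the Mesos code base. The types, the `custom` module name and the `<unknown>` placeholder are hypothetical; it shows that the built-in path yields one realm-aware instance per realm while the module path yields instances that cannot tell the realms apart.

```cpp
// Stand-alone model of the two construction paths; every type here is a
// hypothetical stand-in, not a Mesos or libprocess class.
#include <functional>
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Labels reuse the constant names from the report (the values are constructed).
const std::vector<std::string> kRealms = {
    "READONLY_HTTP_AUTHENTICATION_REALM", "READWRITE_HTTP_AUTHENTICATION_REALM",
    "DEFAULT_HTTP_FRAMEWORK_AUTHENTICATION_REALM"};

struct Authenticator {
  virtual ~Authenticator() = default;
  virtual std::string realm() const = 0;  // realm this instance believes it serves
};
struct BasicAuthenticator : Authenticator {  // built-in path: realm is a ctor argument
  explicit BasicAuthenticator(std::string r) : realm_(std::move(r)) {}
  std::string realm() const override { return realm_; }
  std::string realm_;
};
struct ModuleAuthenticator : Authenticator {  // module path: nothing is passed in
  std::string realm() const override { return "<unknown>"; }
};
using Ptr = std::unique_ptr<Authenticator>;

// Module registry keyed by name; the factory signature has no realm parameter.
const std::map<std::string, std::function<Ptr()>> kModules = {
    {"custom", [] { return Ptr(new ModuleAuthenticator); }}};

Ptr createCustom(const std::string& realm, const std::string& name) {
  (void)realm;  // available for logging only; it never reaches the module
  return kModules.at(name)();
}

// Realm reported by the authenticator built for each of the three realms.
std::vector<std::string> configuredRealms(bool useModule) {
  std::vector<std::string> seen;
  for (const std::string& r : kRealms) {
    Ptr a = useModule ? createCustom(r, "custom") : Ptr(new BasicAuthenticator(r));
    seen.push_back(a->realm());
  }
  return seen;
}
int main() {
  for (const std::string& r : configuredRealms(true)) std::cout << r << "\n";
}
```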

          People

            Assignee: Unassigned
            Reporter: Alexander Rojas (arojas)
            Votes: 0
            Watchers: 4

            Dates

              Created:
              Updated: