Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.3.0
-
None
Description
When someone creates a module to provide HTTP Authenticator, only in the master it can be register for one of three realms:
- READONLY_HTTP_AUTHENTICATION_REALM
- READWRITE_HTTP_AUTHENTICATION_REALM
- DEFAULT_HTTP_FRAMEWORK_AUTHENTICATION_REALM
These realms are passed to the HTTP basic authenticator when it is constructed:
Result<process::http::authentication::Authenticator*> createBasicAuthenticator( const string& realm, const string& authenticatorName, const Option<Credentials>& credentials) { if (credentials.isNone()) { return Error( "No credentials provided for the default '" + string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) + "' HTTP authenticator for realm '" + realm + "'"); } LOG(INFO) << "Creating default '" << internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR << "' HTTP authenticator for realm '" << realm << "'"; return BasicAuthenticatorFactory::create(realm, credentials.get()); }
However modules don't get to configure their configured realm at construction and the API doesn't allow to change that afterwards:
Result<process::http::authentication::Authenticator*> createCustomAuthenticator( const string& realm, const string& authenticatorName) { if (!modules::ModuleManager::contains< process::http::authentication::Authenticator>(authenticatorName)) { return Error( "HTTP authenticator '" + authenticatorName + "' not found. " "Check the spelling (compare to '" + string(internal::DEFAULT_BASIC_HTTP_AUTHENTICATOR) + "') or verify that the authenticator was loaded " "successfully (see --modules)"); } LOG(INFO) << "Creating '" << authenticatorName << "' HTTP authenticator " << "for realm '" << realm << "'"; return modules::ModuleManager::create< process::http::authentication::Authenticator>(authenticatorName); }
Since the same authenticator module is used for all the realms, it is impossible to provide one authenticator per realm if using modules.