[FEATURE] Support http bearer token authentication #6590
Labels
Comments
turboFei
added
kind:feature
turboFei
changed the title
4 tasks
This was referenced Aug 14, 2024
pan3793
pushed a commit
that referenced
this issue
Aug 16, 2024
…ocol # 🔍 Description ## Issue References 🔗 This pull request fixes #6618 ## Describe Your Solution 🔧 It is a subtask of #6590 This PR is to support http bearer token authentication for REST protocol. In addition to BasicAuthenticationHandler, BearerAuthenticationHandler will be added to handle http bear token authentication. They will both support CUSTOM AuthType. In order to distinguish them, two new configurations are added: kyuubi.authentication.custom.basic.class and kyuubi.authentication.custom.bearer.class. For http bear token custom authentication, users could implement the new 'org.apache.kyuubi.service.authentication.TokenAuthenticationProvider', and specify it in the configuration. ## Types of changes 🔖 - [ ] Bugfix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 #### Behavior Without This Pull Request ⚰️ #### Behavior With This Pull Request 🎉 #### Related Unit Tests --- # Checklist 📝 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes #6608 from George314159/authentication. Closes #6618 d07a30f [Wang, Fei] fix UT 6499c99 [George314159] Update Test Case da519a9 [George314159] Update based on comments f471601 [Wang, Fei] Refine UT 5444223 [George314159] Add test suite for custom authentication f2bbfbf [Wang, Fei] comments & refine a733c0e [George314159] Remove unused val 6f669d4 [George314159] Fix 650b88d [George314159] Update based on comments 5bc2bac [George314159] Update based on comments 1893889 [George314159] Update based on Comments ddee882 [George314159] Fix Style 379a563 [George314159] Support http bearer token authentication Lead-authored-by: George314159 <hua16732@gmail.com> Co-authored-by: Wang, Fei <fwang12@ebay.com> Signed-off-by: Cheng Pan <chengpan@apache.org>
4 tasks
This was referenced Aug 16, 2024
turboFei
pushed a commit
that referenced
this issue
Aug 17, 2024
# 🔍 Description ## Issue References 🔗 This pull request fixes #6623 ## Describe Your Solution 🔧 This is a subtask of #6590 Followup of #6591 ## Types of changes 🔖 - [ ] Bugfix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 #### Behavior Without This Pull Request ⚰️ #### Behavior With This Pull Request 🎉 #### Related Unit Tests --- # Checklist 📝 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes #6625 from George314159/swagger. Closes #6623 d94f950 [George314159] retest 7c38c63 [George314159] Support authorization on swagger UI Authored-by: George314159 <hua16732@gmail.com> Signed-off-by: Wang, Fei <fwang12@ebay.com>
turboFei
added a commit
that referenced
this issue
Aug 20, 2024
…ocol # 🔍 Description ## Issue References 🔗 This pull request fixes #6619 ## Describe Your Solution 🔧 This is a subtask of #6590 This PR makes the following changes: 1. Instead of using SessionManager, the ThriftHttpService will use AuthorizationFilter to handle http client parameters. The purpose is to pass correct client IP address for bearer token authentication. 2. Partial backport Partial backport: apache/hive#3006 ## Types of changes 🔖 - [ ] Bugfix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 #### Behavior Without This Pull Request ⚰️ #### Behavior With This Pull Request 🎉 #### Related Unit Tests --- # Checklist 📝 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes #6624 from George314159/thrift. Closes #6619 9761d6d [Wang, Fei] Partial backport HIVE-25575: Add support for JWT authentication in HTTP mode 30ede05 [Wang, Fei] Revert "suffix" 39c9458 [Wang, Fei] suffix b994206 [Wang, Fei] Revert "Fix" ea6236a [George314159] Fix a75025b [George314159] Refine UT 9454335 [George314159] Refine 8f4eeff [George314159] Update UT 6192d47 [Wang, Fei] revert unused c7f037c [Wang, Fei] Support bearer token in kyuubi jdbc f7725f7 [George314159] Refine f865abf [George314159] Refine 9d4edd5 [George314159] Add http header config for thrift bearer token auth and UT 6d0f973 [Wang, Fei] refine a7e785b [Wang, Fei] save Lead-authored-by: Wang, Fei <fwang12@ebay.com> Co-authored-by: George314159 <hua16732@gmail.com> Signed-off-by: Wang, Fei <fwang12@ebay.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Code of Conduct
Search before asking
Describe the feature
The same with celeborn https://github.com/apache/celeborn/blob/main/service/src/main/scala/org/apache/celeborn/server/common/http/authentication/BearerAuthenticationHandler.scala
To support bearer token authentication.
Motivation
Bearer token authentication is widely used.
Describe the solution
Refer: https://github.com/apache/celeborn/blob/main/service/src/main/scala/org/apache/celeborn/server/common/http/authentication/BearerAuthenticationHandler.scala
apache/celeborn#2440
Additional context
No response
Are you willing to submit PR?
The text was updated successfully, but these errors were encountered: