Issue #3653: Kerberos authentication for web resource support (#4097)
Fixes #3653 Master Issue: #3491 ** Motivation Add kerberos support for web resource support. This mainly include 2 parts: - the HttpClient that works for HttpLookup. - the BaseResource that works for admin rest end point. *** Modifications For kerberos authentication, there need several back/forth requests to do the negotiation between client and server. This change add a method authenticationStage in AuthenticationSasl, and a method authenticateHttpRequest in AuthenticationProviderSasl to do the mutual negotiation. And a saslRoleToken is cached in AuthenticationSasl once the authentication get success. When do the sasl authentication, it will first use saslRoleToken cache, and if sever check this token failed, do real sasl authentication. Changed unit test SaslAuthenticateTest, which enable sasl authentication in admin and also use http lookup to verify the change.
Showing
想要评论请 注册 或 登录