Hello,

This is similar to this thread [1], but for aurora scheduler. We are implementing cookie-based authentication for aurora scheduler (port: 8080). It is a single sign-on implementation. The unauthenticated users will be redirected to a login service. After the user is successfully authenticated in the login service, a cookie will be added in this domain. The cookie is validated against the login service before the page is rendered.

I wish to get input on the design we are planning to implement for aurora scheduler. Ideally, we want to grant access to aurora scheduler only for authenticated users. The requests are processed using jetty server and servlet container. Precisely, they are processed using org.apache.aurora.scheduler.http.JettyServerModule. The http handlers for every request are accessible from here. Most of the requests, if not all, are served by filter based handlers; org.apache.aurora.scheduler.http.CorsFilter is one among many. The doFilter() method is overridden in these filters.

To implement authentication, we'll fix the filters to deal with login redirect, r/w cookie & validate the session. The filter would check for the cookie. If auth cookie is not present, user will be redirected to the auth service. If auth cookie is present, it'll be validated and http filter will be processed. The authentication hooks could be added in the following filters:

1. org.apache.aurora.scheduler.http.CorsFilter
2. org.apache.aurora.scheduler.http.LeaderRedirectFilter
3. org.apache.aurora.scheduler.http.AbstractFilter

Is there a better approach to implement authentication in aurora scheduler?

[1] http://mail-archives.apache.org/mod_mbox/incubator-aurora-dev/201408.mbox/%3CCAK0Yc077KshTifyB43X4%2BTp4OW15qrV3J4jpLR4v36v5yw181Q

Thank you,
--
Regards,
Bhuvan Arumugam
www.livecipher.com
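
The filter flow described in the message above, written as a single standalone servlet filter; this is an added example, not part of the original post and not Aurora's code. The class name, the SessionValidator interface, the cookie name, the login URL and the "sso.user" attribute are all assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added sketch: SSO cookie check as a servlet filter. All names here are hypothetical. */
public class SsoCookieFilter implements Filter {
  /** Hypothetical client for the login service; returns the user name, or null if invalid. */
  public interface SessionValidator { String validate(String cookieValue) throws IOException; }

  static final String COOKIE_NAME = "SSO_SESSION";                    // assumed cookie name
  static final String LOGIN_URL = "https://login.example.com/login";  // placeholder URL
  private final SessionValidator validator;

  public SsoCookieFilter(SessionValidator validator) { this.validator = validator; }

  @Override public void init(FilterConfig config) { }
  @Override public void destroy() { }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String user = null;
    Cookie[] cookies = request.getCookies();  // null when the request carries no cookies
    if (cookies != null) {
      for (Cookie c : cookies) {
        if (COOKIE_NAME.equals(c.getName())) {
          try {
            user = validator.validate(c.getValue());
          } catch (IOException e) {
            user = null;  // fail closed: login service unreachable means unauthenticated
          }
          break;
        }
      }
    }
    if (user == null) {
      // Return target is this request's own URL, not a client-supplied parameter;
      // the login service should still restrict where it redirects back to.
      String query = request.getQueryString();
      String back = request.getRequestURL() + (query == null ? "" : "?" + query);
      response.sendRedirect(LOGIN_URL + "?return=" + URLEncoder.encode(back, "UTF-8"));
      return;  // do not call chain.doFilter: the protected handler must not run
    }
    request.setAttribute("sso.user", user);  // downstream handlers can read the identity
    chain.doFilter(request, response);
  }
}
```

Registering one such filter ahead of the others in the chain keeps the check in a single place instead of repeating it inside each existing filter.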