[FEATURE] Support to return authentication subject with PasswdAuthenticationProvider · apache/kyuubi#4630

(2 comments) (0 reactions) (0 assignees)Scala (2,332 stars) (996 forks)batch import

help wantedkind:featurepriority:major

説明

Code of Conduct

I agree to follow this project's Code of Conduct

Search before asking

I have searched in the issues and found no similar issues.

Describe the feature

Now the PasswdAuthenticationProvider only authenticate whether the specified user name and password is valid, and nothing return.

trait PasswdAuthenticationProvider {
  @throws[AuthenticationException]
  def authenticate(user: String, password: String): Unit
}

In fact, in some use case, the transferred user name is not the valid user name. It might be a key pair, and is a limited secret used for some use cases.

It is better that we can add a new method to return a subject to provided more authentication info.

Such as :

trait PasswdAuthenticationProvider {
  @throws[AuthenticationException]
  def authenticate(user: String, password: String): Unit

  def authenticateAndReturnSubject(user: String, password: String): Subject = {
    authenticate(user, password)
    new Subject(user)
  }
}

Motivation

cover more password authentication use case.

Describe the solution

No response

Additional context

No response

Are you willing to submit PR?

Yes. I would be willing to submit a PR with guidance from the Kyuubi community to improve.
No. I cannot submit a PR at this time.

コントリビューターガイド

技術スタック: なし
領域: security
Issue 種別: feature
難度: 2
推定時間: under 1 hour
活動状況: fresh
明確さ: clear
前提条件: ScalaApache Kyuubiauthentication concepts
初心者向け度: 80
調査方針: Locate the PasswdAuthenticationProvider trait in the Kyuubi codebase (likely under kyuubi common or similar). The issue proposes adding a default method `authenticateAndReturnSubject` that calls `authenticate` and returns a new Subject. Implement this method in the trait, ensuring backward compatibility. Review existing implementations to verify they work with the new default.