[FEATURE] Support to return authentication subject with PasswdAuthenticationProvider · apache/kyuubi#4630

(2 留言) (0 反應) (0 負責人)Scala (2,332 star) (996 fork)batch import

help wantedkind:featurepriority:major

描述

Code of Conduct

I agree to follow this project's Code of Conduct

Search before asking

I have searched in the issues and found no similar issues.

Describe the feature

Now the PasswdAuthenticationProvider only authenticate whether the specified user name and password is valid, and nothing return.

trait PasswdAuthenticationProvider {
  @throws[AuthenticationException]
  def authenticate(user: String, password: String): Unit
}

In fact, in some use case, the transferred user name is not the valid user name. It might be a key pair, and is a limited secret used for some use cases.

It is better that we can add a new method to return a subject to provided more authentication info.

Such as :

trait PasswdAuthenticationProvider {
  @throws[AuthenticationException]
  def authenticate(user: String, password: String): Unit

  def authenticateAndReturnSubject(user: String, password: String): Subject = {
    authenticate(user, password)
    new Subject(user)
  }
}

Motivation

cover more password authentication use case.

Describe the solution

No response

Additional context

No response

Are you willing to submit PR?

Yes. I would be willing to submit a PR with guidance from the Kyuubi community to improve.
No. I cannot submit a PR at this time.

貢獻者指南

技術棧: 無
領域: security
議題類型: feature
難度: 2
預計時間: under 1 hour
活動狀態: fresh
清晰度: clear
前置要求: ScalaApache Kyuubiauthentication concepts
新手友善度: 80
研究方向: Locate the PasswdAuthenticationProvider trait in the Kyuubi codebase (likely under kyuubi common or similar). The issue proposes adding a default method `authenticateAndReturnSubject` that calls `authenticate` and returns a new Subject. Implement this method in the trait, ensuring backward compatibility. Review existing implementations to verify they work with the new default.