Experimental support for Authenticated databases #147
Conversation
This commit reads authorization info from the Servlet Request by parsing the Authorization-header. The authorization information is then passed along to Database to be used in indexing requests from database
|
I think this is the wrong approach. I've sketched what I think it ought to look like here (http://friendpaste.com/1J8edQNtYJWeJpIa2hxoaV). Specifically, we teach Jetty that it needs to authenticate to couchdb. I haven't completed the CouchDBUserRealm class yet. The authenticate method would call /_session or something. Perhaps even that is wrong, though. It would be simple to set up separate authentication for couchdb-lucene and this seems easier to reason about security issues. I find it difficult to be happy about proxying usernames and passwords back and forth like this. |
|
sidenote: couchdb-lucene should be packaged as a proper WAR file, and then authenticate to it goes into web.xml, where it belongs, and becomes the deployers decision on how to secure it. If c-l also ships with a module that allows authentication against couchdb itself, then that just gives more options without forcing anyone's hand. |
This commit reads authorization info from the Servlet Request by parsing the
Authorization-header. The authorization information is then passed along to
Database to be used in indexing requests from database
This PR tries to solve issue #79