Authentication
Authentication is designed in a pluggable manner. This means that anything can be used as an authentication system: a local database, property-based authentication, LDAP, authentication through Jira or Google, or your own standalone authentication system.
This approach makes the service flexible and allows it to use whatever authentication system the company already has. The only thing that has to be done is to implement the AuthProvider and SessionProvider interfaces and declare the implementations in a config file.
The auth provider creates a session on login and verifies whether a user is authenticated. Authentication can be performed via a login-password pair or with a token (for API). There is a DummyAuthProvider available by default. It has a single user configured in the config file. JiraAuthProvider is in the development stage and is going to be shipped with the first version of QuAck.
The auth provider is also responsible for returning the list of users and user groups, so that project permissions can be configured.
The session provider is an abstraction that stores user sessions and users' info by their session ids. A session is created on login and is reused via the session id cookie.
There are 2 SessionProviders available: InmemorySessionProvider for a single-replica instance, and HazelcastSessionProvider, which stores sessions in a distributed synchronized database that is started automatically.
Any other session provider can be implemented, e.g. a database session provider.
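The split between the two providers, as an added example that is not QuAck's own code: the interface methods, the InMemorySessions class, the 30-minute idle timeout and the sample credentials are all assumptions made for illustration, and QuAck's real AuthProvider and SessionProvider signatures may differ. It shows the properties a custom session provider should keep: unguessable session ids, idle expiry, and explicit invalidation on logout.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical contracts for illustration; not QuAck's actual interface signatures.
interface AuthProvider { Optional<String> authenticate(String login, String password); }
interface SessionProvider {
    String create(String login);                 // returns the value for the session id cookie
    Optional<String> resolve(String sessionId);  // login for a live session, empty otherwise
    void invalidate(String sessionId);           // logout
}

// Single-replica store: ids are 256-bit random values, entries expire after an idle timeout.
class InMemorySessions implements SessionProvider {
    private record Entry(String login, Instant lastSeen) {}
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration idleTimeout;
    InMemorySessions(Duration idleTimeout) { this.idleTimeout = idleTimeout; }

    public String create(String login) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);  // never derive the id from the login or a counter
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Entry(login, Instant.now()));
        return id;
    }
    public Optional<String> resolve(String sessionId) {
        if (sessionId == null) return Optional.empty();
        Instant now = Instant.now();
        // Atomically drop an expired entry (returning null removes it) or refresh lastSeen.
        Entry e = sessions.computeIfPresent(sessionId, (id, old) ->
            old.lastSeen().plus(idleTimeout).isBefore(now) ? null : new Entry(old.login(), now));
        return Optional.ofNullable(e).map(Entry::login);
    }
    public void invalidate(String sessionId) { if (sessionId != null) sessions.remove(sessionId); }
}

public class SessionDemo {
    public static void main(String[] args) {
        // Constructed single-user provider standing in for a real authentication backend.
        AuthProvider auth = (l, p) -> "admin".equals(l) && "constructed-pw".equals(p)
            ? Optional.of(l) : Optional.empty();
        SessionProvider store = new InMemorySessions(Duration.ofMinutes(30));
        String sid = auth.authenticate("admin", "constructed-pw").map(store::create).orElseThrow();
        System.out.println("after login:  " + store.resolve(sid));
        store.invalidate(sid);
        System.out.println("after logout: " + store.resolve(sid));
    }
}
```

A database-backed or distributed provider would keep the same contract and replace only the map with shared storage.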