[
https://issues.apache.org/jira/browse/GEODE-3000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16033297#comment-16033297
]
Anthony Baker commented on GEODE-3000:
--------------------------------------
Are you planning to support both the custom headers as well as the standard
authentication header? If not, how will we deal with backwards-compatibility
requirements? Typically we should support rolling upgrades of the server
cluster followed by a more extended period of time during which user's would
upgrade their application clients.
> Refactor Admin rest request to send credentials in Authentication header and
> use spring security to authenticate it.
> --------------------------------------------------------------------------------------------------------------------
>
> Key: GEODE-3000
> URL: https://issues.apache.org/jira/browse/GEODE-3000
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinmei Liao
> Fix For: 1.2.0
>
>
> Currently, admin rest put security-password in the header and Jetty would log
> it in debug level, we should send the authentication information in the
> authentication header so that Jetty won't log them, and have the server side
> be able to authenticate that way.
> Currently the way these rest requests are sent are different for different
> request. We need to uniform that first before we can do this refactoring.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
