apex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (APEXCORE-397) Allow configurability of stram web services authentication
Date Tue, 22 Mar 2016 17:56:25 GMT

    [ https://issues.apache.org/jira/browse/APEXCORE-397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15206904#comment-15206904
] 

ASF GitHub Bot commented on APEXCORE-397:
-----------------------------------------

Github user davidyan74 commented on a diff in the pull request:

    https://github.com/apache/incubator-apex-core/pull/277#discussion_r57036460
  
    --- Diff: engine/src/main/java/com/datatorrent/stram/util/SecurityUtils.java ---
    @@ -0,0 +1,74 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package com.datatorrent.stram.util;
    +
    +import org.apache.hadoop.conf.Configuration;
    +import org.apache.hadoop.security.UserGroupInformation;
    +
    +import com.datatorrent.api.Context;
    +import com.datatorrent.api.Context.StramHTTPAuthentication;
    +
    +/**
    + *
    + */
    +public class SecurityUtils
    +{
    +
    +  public static final String HADOOP_HTTP_AUTH_PROP = "hadoop.http.authentication.type";
    +  private static final String HADOOP_HTTP_AUTH_VALUE_SIMPLE = "simple";
    +
    +  private static boolean stramWebSecurityEnabled;
    +  private static boolean hadoopWebSecurityEnabled;
    +
    +  // If not initialized explicitly default to Hadoop auth
    +  static {
    +    hadoopWebSecurityEnabled = stramWebSecurityEnabled = UserGroupInformation.isSecurityEnabled();
    +  }
    +
    +  public static void init(Configuration configuration, StramHTTPAuthentication stramHTTPAuth)
    +  {
    +    hadoopWebSecurityEnabled = false;
    +    String authValue = configuration.get(HADOOP_HTTP_AUTH_PROP);
    +    if ((authValue != null) && !authValue.equals(HADOOP_HTTP_AUTH_VALUE_SIMPLE))
{
    +      hadoopWebSecurityEnabled = true;
    +    }
    +    // Stram http auth may not be specified and is null but still set a default
    +    boolean authDefault = false;
    +    if (stramHTTPAuth != null) {
    +      if (stramHTTPAuth == Context.StramHTTPAuthentication.FOLLOW_HADOOP_HTTP_AUTH) {
    +        stramWebSecurityEnabled = hadoopWebSecurityEnabled;
    +      } else if (stramHTTPAuth == StramHTTPAuthentication.FOLLOW_HADOOP_AUTH) {
    +        stramWebSecurityEnabled = UserGroupInformation.isSecurityEnabled();
    +      } else if (stramHTTPAuth == StramHTTPAuthentication.ENABLE) {
    +        stramWebSecurityEnabled = true;
    +      } else if (stramHTTPAuth == StramHTTPAuthentication.DISABLE) {
    +        stramWebSecurityEnabled = false;
    +      }
    +    }
    +  }
    +
    +  public static boolean isHadoopWebSecurityEnabled() {
    --- End diff --
    
    open curly brace following definition should be on a newline


> Allow configurability of stram web services authentication
> ----------------------------------------------------------
>
>                 Key: APEXCORE-397
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-397
>             Project: Apache Apex Core
>          Issue Type: Bug
>            Reporter: Pramod Immaneni
>            Assignee: Pramod Immaneni
>
> Today whether stram web service authentication is enabled or disabled is totally dependent
on hadoop authentication setting for rpc (not even hadoop http authentication setting). So
if hadoop authentication is enabled stram web service authentication was enabled. Furthermore
when stram web service authentication is enabled, at authentication time checks are done against
RM proxy ip address which fail if the addresses aren't configured correctly for example in
HA scenarios. This requires debugging and specifying the correct properties if they are missing.
Users may not want this authentication in the first place and not want to go through hassle.
> A better mechanism is needed where users can configure this authentication. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message