apex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (APEXCORE-457) Add documentation for security options for STRAM web services
Date Mon, 16 May 2016 23:31:12 GMT

    [ https://issues.apache.org/jira/browse/APEXCORE-457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15285645#comment-15285645

ASF GitHub Bot commented on APEXCORE-457:

Github user davidyan74 commented on a diff in the pull request:

    --- Diff: docs/security.md ---
    @@ -142,7 +168,15 @@ When operators are running there will be effective processing rate
differences b
     Like STRAM, streaming containers also need to communicate with NameNode to use HDFS persistence
for reasons such as saving the state of the operators. In secure mode they also use NameNode
delegation tokens for authentication. These tokens are also seeded by STRAM for the streaming
    +#### Stram Webservices
    +Clients connects to STRAM and make web service requests to obtain operational information
about a runtime application. When security is enabled we want this connection to also be authenticated.
In this mode the client passes a web service token in the request and the STRAM checks this
token. If the token is valid, then the request is processed else it is denied.
    +How does the client get the web service token in the first place The client will first
have to first connect to STRAM via the Resource Manager Web Services Proxy which is a service
run by Hadoop to proxy requests to application web services. This connection is authenticated
by the proxy service using a protocol called SPNEGO when secure mode is enabled. SPNEGO is
Kerberos over HTTP and the client also needs to support it. If the authentication is successful
the proxy forwards the request to STRAM. STRAM in processing the request generates and send
back a web service token similar to a delegation token. This token is then used by client
in subsequent requests it makes directly to STRAM and STRAM is able to validate it since it
generated the token in the first place.
    --- End diff --
    STRAM in processing the request generates and send**s** back

> Add documentation for security options for STRAM web services
> -------------------------------------------------------------
>                 Key: APEXCORE-457
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-457
>             Project: Apache Apex Core
>          Issue Type: Bug
>            Reporter: Pramod Immaneni
>            Assignee: Pramod Immaneni
> Security can be enabled for STRAM web services. Add documentation for the available options
and how security works.

This message was sent by Atlassian JIRA

View raw message