hadoop-common-issues mailing list archives

From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-6929) RPC should have a way to pass Security information other than protocol annotations
Date Mon, 23 May 2011 21:42:56 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13038254#comment-13038254 ]

Owen O'Malley commented on HADOOP-6929:
---------------------------------------

This isn't the right approach. In particular, you don't want to put class names in configuration
and certainly don't want the new SecurityContext to *replace* the current one. We want to
use the annotations if they exist and fall back on other mechanisms when they don't.

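{code}
import java.util.ServiceLoader;

public abstract class SecurityInfo {
  public abstract KerberosInfo getKerberosInfo(Class<?> protocol);
  public abstract TokenInfo getTokenInfo(Class<?> protocol);
}

public class SecurityUtil {
  // Providers are discovered through META-INF/services entries on the classpath.
  private static ServiceLoader<SecurityInfo> securityInfoProviders =
    ServiceLoader.load(SecurityInfo.class);

  // Return the first non-null answer from the registered providers.
  public static KerberosInfo getKerberosInfo(Class<?> protocol) {
    for(SecurityInfo provider: securityInfoProviders) {
      KerberosInfo result = provider.getKerberosInfo(protocol);
      if (result != null) return result;
    }
    return null;
  }

  // Same lookup for token information.
  public static TokenInfo getTokenInfo(Class<?> protocol) {
    for(SecurityInfo provider: securityInfoProviders) {
      TokenInfo result = provider.getTokenInfo(protocol);
      if (result != null) return result;
    }
    return null;
  }
}
{code}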

The Hadoop jar can register the AnnotatedSecurityInfo as the default. If we wish to implement
more than one in the default jar, we can define a StandardSecurityInfo that first checks AnnotatedSecurityInfo
and then falls back to the second one.

> RPC should have a way to pass Security information other than protocol annotations
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-6929
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6929
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>            Reporter: Sharad Agarwal
>            Assignee: Sharad Agarwal
>         Attachments: Hadoop-6929_v1.patch
>
>
> Currently Hadoop RPC allows protocol annotations as the only way to pass security information.
> This becomes a problem if protocols are generated and not hand written. For example protocols
> generated via Avro and passed over Avro tunnel (AvroRpcEngine.java) can't pass the security
> information.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
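
The fallback chain described in the comment above, as an added Java example that is not part of the original message or of Hadoop's code. Assumptions: the nested `KerberosInfo` annotation is a simplified stand-in, `GeneratedProtocolSecurityInfo` and the principal key strings are hypothetical, and an explicit list stands in for `ServiceLoader` iteration so the file runs on its own.

```java
import java.lang.annotation.*;
import java.util.*;

public class SecurityInfoDemo {
  // Simplified stand-in for Hadoop's @KerberosInfo annotation (assumed shape).
  @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
  @interface KerberosInfo { String serverPrincipal(); }

  // Provider contract from the comment, Kerberos half only.
  static abstract class SecurityInfo {
    abstract KerberosInfo getKerberosInfo(Class<?> protocol);
  }
  // Default provider: answers only for protocols that carry the annotation.
  static class AnnotatedSecurityInfo extends SecurityInfo {
    KerberosInfo getKerberosInfo(Class<?> protocol) { return protocol.getAnnotation(KerberosInfo.class); }
  }
  // Hypothetical provider for generated protocols that cannot be annotated.
  static class GeneratedProtocolSecurityInfo extends SecurityInfo {
    private final Map<Class<?>, String> keys = new HashMap<>();
    void register(Class<?> protocol, String principalKey) { keys.put(protocol, principalKey); }
    KerberosInfo getKerberosInfo(Class<?> protocol) {
      final String key = keys.get(protocol);
      if (key == null) return null;            // not ours: let the next provider try
      return new KerberosInfo() {
        public String serverPrincipal() { return key; }
        public Class<? extends Annotation> annotationType() { return KerberosInfo.class; }
      };
    }
  }
  // First non-null answer wins. The list stands in for ServiceLoader iteration order.
  static KerberosInfo lookup(List<SecurityInfo> providers, Class<?> protocol) {
    for (SecurityInfo p : providers) {
      KerberosInfo info = p.getKerberosInfo(protocol);
      if (info != null) return info;
    }
    return null;                               // no provider knows this protocol
  }

  // Constructed sample protocols: annotated, registered, and unknown.
  @KerberosInfo(serverPrincipal = "example.server.principal.key") interface HandWritten {}
  interface Generated {} interface Unregistered {}

  public static void main(String[] args) {
    GeneratedProtocolSecurityInfo gen = new GeneratedProtocolSecurityInfo();
    gen.register(Generated.class, "example.generated.principal.key");
    List<SecurityInfo> providers = Arrays.asList(new AnnotatedSecurityInfo(), gen);
    for (Class<?> c : Arrays.asList(HandWritten.class, Generated.class, Unregistered.class)) {
      KerberosInfo k = lookup(providers, c);
      System.out.println(c.getSimpleName() + " -> " + (k == null ? "none" : k.serverPrincipal()));
    }
  }
}
```

Provider order matters here: an earlier provider that answers for a protocol shadows every later one, so the annotation-based provider is listed first to match "use the annotations if they exist and fall back on other mechanisms when they don't".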
