hadoop-common-issues mailing list archives

From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-6929) RPC should have a way to pass Security information other than protocol annotations
Date Mon, 23 May 2011 21:42:56 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13038254#comment-13038254 ]

Owen O'Malley commented on HADOOP-6929:

This isn't the right approach. In particular, you don't want to put class names in configuration
and certainly don't want the new SecurityContext to *replace* the current one. We want to
use the annotations if they exist and fall back on other mechanisms when they don't.

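import java.util.ServiceLoader;

public abstract class SecurityInfo {
  public abstract KerberosInfo getKerberosInfo(Class<?> protocol);
  public abstract TokenInfo getTokenInfo(Class<?> protocol);
}

public class SecurityUtil {
  // Providers are discovered through ServiceLoader (META-INF/services entries).
  private static ServiceLoader<SecurityInfo> securityInfoProviders =
    ServiceLoader.load(SecurityInfo.class);
  // Return the first non-null answer from the registered providers.
  public static KerberosInfo getKerberosInfo(Class<?> protocol) {
    for (SecurityInfo provider : securityInfoProviders) {
      KerberosInfo result = provider.getKerberosInfo(protocol);
      if (result != null) return result;
    }
    return null;
  }
  // Same first-non-null lookup, for token information.
  public static TokenInfo getTokenInfo(Class<?> protocol) {
    for (SecurityInfo provider : securityInfoProviders) {
      TokenInfo result = provider.getTokenInfo(protocol);
      if (result != null) return result;
    }
    return null;
  }
}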

The Hadoop jar can register the AnnotatedSecurityInfo as the default. If we wish to implement
more than one in the default jar, we can define a StandardSecurityInfo that first checks AnnotatedSecurityInfo
and then falls back to the second one.

> RPC should have a way to pass Security information other than protocol annotations
> ----------------------------------------------------------------------------------
>                 Key: HADOOP-6929
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6929
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>            Reporter: Sharad Agarwal
>            Assignee: Sharad Agarwal
>         Attachments: Hadoop-6929_v1.patch
> Currently Hadoop RPC allows protocol annotations as the only way to pass security information.
> This becomes a problem if protocols are generated and not hand written. For example protocols
> generated via Avro and passed over Avro tunnel (AvroRpcEngine.java) can't pass the security

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
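
Added example (not part of Owen O'Malley's comment or the Hadoop code base): a self-contained sketch of the lookup order the comment describes, where the annotation-based provider answers first and a second provider is consulted only for protocols that carry no annotation. The nested KerberosInfo annotation is a stand-in so the file compiles alone; GeneratedProtocolSecurityInfo, the sample protocols and the principal strings are hypothetical and constructed for illustration, and a fixed list stands in for ServiceLoader discovery.

```java
import java.lang.annotation.*;
import java.util.*;
public class SecurityInfoDemo {
  // Stand-in for Hadoop's KerberosInfo annotation (assumption, reduced to one field).
  @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
  @interface KerberosInfo { String serverPrincipal(); }

  // Provider interface from the comment, reduced to the Kerberos lookup.
  interface SecurityInfo { KerberosInfo getKerberosInfo(Class<?> protocol); }

  // Default provider: answers only from the annotation on the protocol class.
  static class AnnotatedSecurityInfo implements SecurityInfo {
    public KerberosInfo getKerberosInfo(Class<?> protocol) {
      return protocol.getAnnotation(KerberosInfo.class);
    }
  }
  // Hypothetical provider for generated protocols that carry no annotation.
  static class GeneratedProtocolSecurityInfo implements SecurityInfo {
    public KerberosInfo getKerberosInfo(Class<?> protocol) {
      if (protocol != GeneratedProtocol.class) return null;
      return new KerberosInfo() {
        public String serverPrincipal() { return "example.generated.principal"; }
        public Class<? extends Annotation> annotationType() { return KerberosInfo.class; }
      };
    }
  }

  @KerberosInfo(serverPrincipal = "example.annotated.principal")
  interface HandWrittenProtocol {}
  interface GeneratedProtocol {}   // e.g. emitted by a code generator
  interface UnknownProtocol {}     // no provider knows this one

  // Fixed order: annotations first, fallback second; first non-null answer wins,
  // so the fallback can add information but never override an annotation.
  static final List<SecurityInfo> PROVIDERS =
      List.of(new AnnotatedSecurityInfo(), new GeneratedProtocolSecurityInfo());

  static String principalFor(Class<?> protocol) {
    for (SecurityInfo p : PROVIDERS) {
      KerberosInfo info = p.getKerberosInfo(protocol);
      if (info != null) return info.serverPrincipal();
    }
    return null;  // no provider has security information for this protocol
  }

  public static void main(String[] args) {
    for (Class<?> c : List.of(HandWrittenProtocol.class, GeneratedProtocol.class, UnknownProtocol.class))
      System.out.println(c.getSimpleName() + " -> " + principalFor(c));
  }
}
```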
