hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luke Lu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-6929) RPC should have a way to pass Security information other than protocol annotations
Date Mon, 23 May 2011 22:23:48 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13038279#comment-13038279
] 

Luke Lu commented on HADOOP-6929:
---------------------------------

bq. In particular, you don't want to put class names in configuration

This is a pervasive anti-pattern used in hadoop all over the place, HADOOP-7150 is supposed
to address that.

bq. and certainly don't want the new SecurityContext to replace the current one.

Agreed. This is a major flaw of the current patch, though the flawed mechanism is still workable
if the new security info implements the fallback mechanism.

bq. private static ServiceLoader<SecurityInfo> securityInfoProviders = new ServiceLoader<SecurityInfo>(SecurityInfo.class);

The usage should be:
{code}
ServiceLoader<SecurityInfo> securityInfoProviders = ServiceLoader.load(SecurityInfo.class);
{code}

> RPC should have a way to pass Security information other than protocol annotations
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-6929
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6929
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>            Reporter: Sharad Agarwal
>            Assignee: Sharad Agarwal
>         Attachments: Hadoop-6929_v1.patch
>
>
> Currently Hadoop RPC allows protocol annotations as the only way to pass security information.
This becomes a problem if protocols are generated and not hand written. For example protocols
generated via Avro and passed over Avro tunnel (AvroRpcEngine.java) can't pass the security
information.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message