hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10771) Refactor HTTP delegation support out of httpfs to common
Date Tue, 22 Jul 2014 16:06:39 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alejandro Abdelnur updated HADOOP-10771:
----------------------------------------

    Attachment: HADOOP-10771.patch
                HADOOP-10771.sh

Run the script first, using 'fs' parameter if in a GIT checkout or using 'svn' if in a SVN
checkout.

Following some comments that may help the review.

*Moves:*

{code}
src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/client/HttpFSKerberosAuthenticator.java

dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java

NOTES: refactored client Delegation Token management logic (get/renew/cancel) into an auth

       abstract authenticator. introduced a special auth-token subclass to encapsulate client
       side handling of the delegation token.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/client/HttpFSPseudoAuthenticator.java

dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/PseudoDelegationTokenAuthenticator.java

NOTES: simple move, this is a simple authenticator that uses UGI instead of 
       System.getProperties("user.name") as in hadoop-auth

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSAuthenticationFilter.java

dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java

NOTES: move and minor clean up of config loading for general use.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSKerberosAuthenticationHandler.java

dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java

NOTES: simple move and minor tweaks. this is where the Delegation Token 
       management (get/renew/cancel) happens on the server sdie.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/lib/service/DelegationTokenIdentifier.java
dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenIdentifier.java

NOTES: simple move

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/lib/service/security/DelegationTokenManagerService.java

dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java

NOTES: move and code simplification, and generalization to be able to use an 
       existing secret manager if provided in the servlet context.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/lib/service/security/TestDelegationTokenManagerService.java

dst: hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenManager.java

NOTES: simple move

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/server/TestHttpFSKerberosAuthenticationHandler.java

dst: hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java


NOTES: move, adding more tests.
{code}

*New code:*

* DelegationTokenAuthenticatedURL.java: AuthenticatedURL subclass providing public API to
do delegation token management.
* KerberosDelegationTokenAuthenticator.java: client subclass that composes the existing Kerberos
authenticator with the delegation token management one.
* PseudoDelegationTokenAuthenticator.java: client subclass that composes the existing simple
authenticator with the delegation token management one.
* PseudoDelegationTokenAuthenticationHandler.java: server subclass that provides pseudo auth
with delegation token support, simply setting the auth-token type to be 'simple-dt'.
* KerberosDelegationTokenAuthenticationHandler.java: server subclass that provides kerberos
auth with delegation token support, simply setting the auth-token type to be 'kerberos-dt'.


> Refactor HTTP delegation support out of httpfs to common
> --------------------------------------------------------
>
>                 Key: HADOOP-10771
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10771
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10771.patch, HADOOP-10771.sh
>
>
> HttpFS implements delegation token support in {{AuthenticationFilter}} & {{AuthenticationHandler}}
subclasses.
> For HADOOP-10770 we need similar functionality for KMS.
> Not to duplicate code, we should refactor existing code to common.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message