hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "liubangchen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-17099) Is there a plan to support auth connection by username/password like mysql or redis
Date Wed, 16 Nov 2016 09:15:58 GMT

     [ https://issues.apache.org/jira/browse/HBASE-17099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

liubangchen updated HBASE-17099:
--------------------------------
    Description: 
Product managers  ask our hbase cluster to support auth connection  by username/password.

{code}
  private boolean authorizeConnection() throws IOException {
      try {
        // If auth method is DIGEST, the token was obtained by the
        // real user for the effective user, therefore not required to
        // authorize real user. doAs is allowed only for simple or kerberos
        // authentication
        if (user != null && user.getRealUser() != null
            && (authMethod != AuthMethod.DIGEST)) {
          ProxyUsers.authorize(user, this.getHostAddress(), conf);
        }
        authorize(user, connectionHeader, getHostInetAddress());
        metrics.authorizationSuccess();
      } catch (AuthorizationException ae) {
        if (LOG.isDebugEnabled()) {
          LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);
        }
        metrics.authorizationFailure();
        setupResponse(authFailedResponse, authFailedCall,
          new AccessDeniedException(ae), ae.getMessage());
        responder.doRespond(authFailedCall);
        return false;
      }
      return true;
    }
{code}

 Whether  can add a connectionAuthorrizer in method authorizeConnection of class RpcServer
 to auth connection by init the handler from conf.


  was:

Product managers  ask our hbase cluster to support auth connection  by username/password.

{code}
  private boolean authorizeConnection() throws IOException {
      try {
        // If auth method is DIGEST, the token was obtained by the
        // real user for the effective user, therefore not required to
        // authorize real user. doAs is allowed only for simple or kerberos
        // authentication
        if (user != null && user.getRealUser() != null
            && (authMethod != AuthMethod.DIGEST)) {
          ProxyUsers.authorize(user, this.getHostAddress(), conf);
        }
        authorize(user, connectionHeader, getHostInetAddress());
        metrics.authorizationSuccess();
      } catch (AuthorizationException ae) {
        if (LOG.isDebugEnabled()) {
          LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);
        }
        metrics.authorizationFailure();
        setupResponse(authFailedResponse, authFailedCall,
          new AccessDeniedException(ae), ae.getMessage());
        responder.doRespond(authFailedCall);
        return false;
      }
      return true;
    }
{code}

 Whether  can add a connectionAuthorrizer in method authorizeConnection of class RpcServer
 to auth connection by init the handler from conf.


     Issue Type: Brainstorming  (was: Wish)

https://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication

FYI

> Is there a plan to support auth connection by username/password like mysql or redis
> -----------------------------------------------------------------------------------
>
>                 Key: HBASE-17099
>                 URL: https://issues.apache.org/jira/browse/HBASE-17099
>             Project: HBase
>          Issue Type: Brainstorming
>          Components: security
>            Reporter: liubangchen
>            Priority: Trivial
>
> Product managers  ask our hbase cluster to support auth connection  by username/password.
> {code}
>   private boolean authorizeConnection() throws IOException {
>       try {
>         // If auth method is DIGEST, the token was obtained by the
>         // real user for the effective user, therefore not required to
>         // authorize real user. doAs is allowed only for simple or kerberos
>         // authentication
>         if (user != null && user.getRealUser() != null
>             && (authMethod != AuthMethod.DIGEST)) {
>           ProxyUsers.authorize(user, this.getHostAddress(), conf);
>         }
>         authorize(user, connectionHeader, getHostInetAddress());
>         metrics.authorizationSuccess();
>       } catch (AuthorizationException ae) {
>         if (LOG.isDebugEnabled()) {
>           LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);
>         }
>         metrics.authorizationFailure();
>         setupResponse(authFailedResponse, authFailedCall,
>           new AccessDeniedException(ae), ae.getMessage());
>         responder.doRespond(authFailedCall);
>         return false;
>       }
>       return true;
>     }
> {code}
>  Whether  can add a connectionAuthorrizer in method authorizeConnection of class RpcServer
 to auth connection by init the handler from conf.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message