[ 
https://issues.apache.org/jira/browse/HADOOP-6929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13038254#comment-13038254
 ] 

Owen O'Malley commented on HADOOP-6929:
---------------------------------------

This isn't the right approach. In particular, you don't want to put class names 
in configuration and certainly don't want the new SecurityContext to *replace* 
the current one. We want to use the annotations if they exist and fall back on 
other mechanisms when they don't.

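{code}
import java.util.ServiceLoader;

public abstract class SecurityInfo {
  public abstract KerberosInfo getKerberosInfo(Class<?> protocol);
  public abstract TokenInfo getTokenInfo(Class<?> protocol);
}

public class SecurityUtil {
  // Providers are discovered through the standard ServiceLoader registration.
  private static ServiceLoader<SecurityInfo> securityInfoProviders =
    ServiceLoader.load(SecurityInfo.class);

  // Return the first non-null answer from the registered providers.
  public static KerberosInfo getKerberosInfo(Class<?> protocol) {
    for (SecurityInfo provider : securityInfoProviders) {
      KerberosInfo result = provider.getKerberosInfo(protocol);
      if (result != null) return result;
    }
    return null;
  }

  // Same lookup order for token information.
  public static TokenInfo getTokenInfo(Class<?> protocol) {
    for (SecurityInfo provider : securityInfoProviders) {
      TokenInfo result = provider.getTokenInfo(protocol);
      if (result != null) return result;
    }
    return null;
  }
}
{code}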

The Hadoop jar can register the AnnotatedSecurityInfo as the default. If we 
wish to implement more than one in the default jar, we can define a 
StandardSecurityInfo that first checks AnnotatedSecurityInfo and then falls 
back to the second one.

> RPC should have a way to pass Security information other than protocol 
> annotations
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-6929
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6929
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>            Reporter: Sharad Agarwal
>            Assignee: Sharad Agarwal
>         Attachments: Hadoop-6929_v1.patch
>
>
> Currently Hadoop RPC allows protocol annotations as the only way to pass 
> security information. This becomes a problem if protocols are generated and 
> not hand written. For example protocols generated via Avro and passed over 
> Avro tunnel (AvroRpcEngine.java) can't pass the security information.

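A minimal sketch of the annotation-first fallback chain described in the comment, added here as an illustration; it is not code from the comment, the attached patch or Hadoop. KerberosInfo is a simplified stand-in, and TableSecurityInfo, the sample protocol interfaces and the principal keys are hypothetical, constructed values.

```java
import java.lang.annotation.*;
import java.util.*;
public class SecurityInfoDemo {
  // Simplified stand-in for the KerberosInfo annotation named in the comment.
  @Retention(RetentionPolicy.RUNTIME) @interface KerberosInfo { String serverPrincipal(); }
  static abstract class SecurityInfo {
    abstract KerberosInfo getKerberosInfo(Class<?> protocol);
  }
  // Default provider: use the annotation when the protocol carries one.
  static class AnnotatedSecurityInfo extends SecurityInfo {
    KerberosInfo getKerberosInfo(Class<?> p) { return p.getAnnotation(KerberosInfo.class); }
  }
  // Hypothetical fallback for generated protocols that cannot be annotated.
  static class TableSecurityInfo extends SecurityInfo {
    private final Map<String, String> keys;
    TableSecurityInfo(Map<String, String> keys) { this.keys = keys; }
    KerberosInfo getKerberosInfo(Class<?> protocol) {
      final String key = keys.get(protocol.getName());
      if (key == null) return null;
      return new KerberosInfo() {
        public String serverPrincipal() { return key; }
        public Class<? extends Annotation> annotationType() { return KerberosInfo.class; }
      };
    }
  }
  // Annotation first, fallback second: the fallback never overrides an annotation.
  static class StandardSecurityInfo extends SecurityInfo {
    private final SecurityInfo[] chain;
    StandardSecurityInfo(SecurityInfo... chain) { this.chain = chain; }
    KerberosInfo getKerberosInfo(Class<?> protocol) {
      for (SecurityInfo p : chain) {
        KerberosInfo info = p.getKerberosInfo(protocol);
        if (info != null) return info;
      }
      return null; // no provider knows this protocol; the caller decides how to fail
    }
  }
  // Constructed sample protocols and principal keys.
  @KerberosInfo(serverPrincipal = "example.handwritten.principal") interface HandWritten {}
  interface Generated {} interface Unregistered {}
  public static void main(String[] args) {
    SecurityInfo std = new StandardSecurityInfo(new AnnotatedSecurityInfo(),
        new TableSecurityInfo(Collections.singletonMap(
            Generated.class.getName(), "example.generated.principal")));
    for (Class<?> c : new Class<?>[] {HandWritten.class, Generated.class, Unregistered.class}) {
      KerberosInfo info = std.getKerberosInfo(c);
      System.out.println(c.getSimpleName() + " -> "
          + (info == null ? "no security info" : info.serverPrincipal()));
    }
  }
}
```

The third case is the one to watch in review: a null result means no provider recognised the protocol, and the caller should handle it explicitly rather than treat it as an unsecured protocol.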