[
https://issues.apache.org/jira/browse/HADOOP-10651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14259226#comment-14259226
]
Arpit Agarwal commented on HADOOP-10651:
----------------------------------------
Hi [~benoyantony],
The patch looks fine. Couple of comments on ServiceAuthorizationManager.java:
# Could you apply the coding style consistently? There are missing and extra
whitespace in the added chunks.
# For protocolToMachineLists, could you add a comment similar to
protocolToAcls. i.e. the first array entry is the set of allowed hosts and the
second is the set of blocked hosts.
Also I think a couple of comments in TestServiceAuthorization.java need to be
fixed. e.g. Lines 328 and 335, comments should start with "TestProtocol1...".
Thank you for updating the documentation.
> Add ability to restrict service access using IP addresses and hostnames
> -----------------------------------------------------------------------
>
> Key: HADOOP-10651
> URL: https://issues.apache.org/jira/browse/HADOOP-10651
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 2.5.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10651.patch, HADOOP-10651.patch
>
>
> In some use cases, it make sense to authorize the usage of some services only
> from specific hosts. Just like ACLS for Service Authorization , there can be
> a list of hosts for each service and this list can be checked during
> authorization.
> Similar to ACLS, there can be a whitelist of ip and blacklist of ips. The
> default whitelist will be * and default blacklist will be empty. It should be
> possible to override the default whitelist and default blacklist. It should
> be possible to define whitelist and blacklist per service.
> It should be possible to define ip ranges in blacklists and whitelists
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
