[jira] [Comment Edited] (HADOOP-12203) Refactor Service Authorization Framework

Benoy Antony (JIRA) Tue, 07 Jul 2015 14:15:47 -0700

    [ 
https://issues.apache.org/jira/browse/HADOOP-12203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14617406#comment-14617406
 ]


Benoy Antony edited comment on HADOOP-12203 at 7/7/15 9:14 PM:
---------------------------------------------------------------

Please review HADOOP-10679 for more detailed requirements and design document.

As part of generalization, an interface _AuthorizationManager<T>_ is defined. 
_DefaultAuthorizationManager<T>_ implements
_AuthorizationManager<T>_. _ServiceAuthorizationManager_ extends 
_DefaultAuthorizationManager<Class?>_ and is used for
authorize RPC calls. 

The DefaultAuthorizationManager internally uses 
_AuthorizationManagerHelper<T>_. Most of the logic in original 
_ServiceAuthorizationManager_ is moved to _AuthorizationManagerHelper<T>_ .

The class diagram and sequence diagrams are in the design document in  
HADOOP-10679.


was (Author: benoyantony):
Please review HADOOP-10679 for more detailed requirements and design document.

As part of generalization, an interface _AuthorizationManager<T>_ is defined. 
_DefaultAuthorizationManager<T>_ implements
_AuthorizationManager<T>_. _ServiceAuthorizationManager_ extends 
_DefaultAuthorizationManager<Class?>_ and is used for
authorize RPC calls. 

The DefaultAuthorizationManager internally uses 
_AuthorizationManagerHelper<T>_. Most of the logic in 
original_ServiceAuthorizationManager_ is moved 
to_AuthorizationManagerHelper<T>_ .

The class diagram and sequence diagrams are in the design document in  
HADOOP-10679.

> Refactor Service Authorization Framework
> ----------------------------------------
>
>                 Key: HADOOP-12203
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12203
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>
> Refactor Service Authorization Framework so that same framework can be used 
> to authenticate requests for RPC and web resources.
> The _ServiceAuthorizationManager_ uses a Class object to identify the RPC 
> protocol that the user is trying to access. While this works for an RPC 
> protocol, it will not work in general.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Comment Edited] (HADOOP-12203) Refactor Service Authorization Framework

Reply via email to