[jira] Updated: (HADOOP-4284) Support for user configurable global filters on HttpServer

Thu, 25 Sep 2008 23:50:39 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-4284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kan Zhang updated HADOOP-4284:
------------------------------

    Attachment: 4284_20080925_78.patch

This patch adds an interface method on HttpServer for adding a global filter. 
It also includes a global filter example, which filters hsftp requests based on 
a configurable policy file. The policy file defines the mappings from user 
names to list of comma separated directories/files that the corresponding users 
are authorized to access. The policy file is periodically checked for updates 
at user configurable interval.

Note that this patch does not fix the bug identified in HADOOP-4282, which 
affects the browser facing filters of HADOOP-3854, but not the global filters 
introduced in this patch.

> Support for user configurable global filters on HttpServer
> ----------------------------------------------------------
>
>                 Key: HADOOP-4284
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4284
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>            Reporter: Kan Zhang
>         Attachments: 4284_20080925_78.patch
>
>
> HADOOP-3854 introduced a framework for adding filters to filter browser 
> facing urls. Sometimes, there is a need to filter all urls. For example, at 
> Yahoo, we need to open an SSL port on the HttpServer and only accept hsftp 
> requests from clients who can authenticate themselves using client 
> certificate and is authorized according to certain policy file. For this to 
> happen, we need a method to add a user configurable "global" filter, which 
> filters on all client requests. For our purposes, such a global filter will 
> block all https requests except those accessing the hsftp interface (it will 
> let all http requests go through, so accesses through the normal http ports 
> are unaffected). Moreover, those hsftp requests will be subject to further 
> authorization checking according to the policy file.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to