[
https://issues.apache.org/jira/browse/HADOOP-4284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635014#action_12635014
]
Doug Cutting commented on HADOOP-4284:
--------------------------------------
> The component for this issue should not be "dfs".
The feature requested (intercept HSFTP requests) is a dfs-related feature. The
implementation is more generic, but I wonder if that's best.
The problem with generic URL filters like this is that they can be difficult to
maintain. HSFTP URLs are probably stable, since HSFTP is designed to support
cross-version access. But other SSL-based services may consider their urls
internal, and if folks used this mechanism to filter them then their filters
will break when the urls change. I'd prefer that this patch only added
extensible filters for HSFTP rather than for all https urls.
> Support for user configurable global filters on HttpServer
> ----------------------------------------------------------
>
> Key: HADOOP-4284
> URL: https://issues.apache.org/jira/browse/HADOOP-4284
> Project: Hadoop Core
> Issue Type: New Feature
> Reporter: Kan Zhang
> Attachments: 4284_20080925_78.patch, 4284_20080926_79.patch
>
>
> HADOOP-3854 introduced a framework for adding filters to filter browser
> facing urls. Sometimes, there is a need to filter all urls. For example, at
> Yahoo, we need to open an SSL port on the HttpServer and only accept hsftp
> requests from clients who can authenticate themselves using client
> certificate and is authorized according to certain policy file. For this to
> happen, we need a method to add a user configurable "global" filter, which
> filters on all client requests. For our purposes, such a global filter will
> block all https requests except those accessing the hsftp interface (it will
> let all http requests go through, so accesses through the normal http ports
> are unaffected). Moreover, those hsftp requests will be subject to further
> authorization checking according to the policy file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
