[jira] Commented: (HADOOP-4284) Support for user configurable global filters on HttpServer

Fri, 26 Sep 2008 15:30:37 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-4284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635049#action_12635049
 ] 

Kan Zhang commented on HADOOP-4284:
-----------------------------------

Doug, I think you do have a valid point and we should try to address it 
whenever possible. However, in this case, adding a simple regex that matches 
HSFTP urls may not help. Currently, there are 3 servlets serving the HSFTP 
interface, namely /listPaths, /data, and /streamFile. The filter needs to know 
which particular servlet the request is for, not just the fact that the request 
is a HSFTP request, since the way to obtain request file path (for 
authorization checking) is different for different servlets. To make it work, 
we have to standardize on the way file paths are sent in the https requests and 
any other data we may want to filter on. I feel this is a bigger task than this 
jira. 

> Support for user configurable global filters on HttpServer
> ----------------------------------------------------------
>
>                 Key: HADOOP-4284
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4284
>             Project: Hadoop Core
>          Issue Type: New Feature
>            Reporter: Kan Zhang
>         Attachments: 4284_20080925_78.patch, 4284_20080926_79.patch
>
>
> HADOOP-3854 introduced a framework for adding filters to filter browser 
> facing urls. Sometimes, there is a need to filter all urls. For example, at 
> Yahoo, we need to open an SSL port on the HttpServer and only accept hsftp 
> requests from clients who can authenticate themselves using client 
> certificate and is authorized according to certain policy file. For this to 
> happen, we need a method to add a user configurable "global" filter, which 
> filters on all client requests. For our purposes, such a global filter will 
> block all https requests except those accessing the hsftp interface (it will 
> let all http requests go through, so accesses through the normal http ports 
> are unaffected). Moreover, those hsftp requests will be subject to further 
> authorization checking according to the policy file.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to