[
https://issues.apache.org/jira/browse/HADOOP-4284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635198#action_12635198
]
Kan Zhang commented on HADOOP-4284:
-----------------------------------
Here is what I can do. Add 2 regexes. The first enables the filter to find out
if the request is an HSFTP request. The second enables the filter to find out
if file path is contained in the query string. If not, then file path must be
part of the URL and the filter should get it by calling getPathInfo(). The
benefits are 1) if we ever change the names of the servlets, filters are not
affected; only need to update the regexes. 2) if we add new servlets or remove
old ones, as long as we don't add new ways of getting the file path, filters
don't need to be changed; only need to update the regexes. Doug, what do you
think?
> Support for user configurable global filters on HttpServer
> ----------------------------------------------------------
>
> Key: HADOOP-4284
> URL: https://issues.apache.org/jira/browse/HADOOP-4284
> Project: Hadoop Core
> Issue Type: New Feature
> Reporter: Kan Zhang
> Attachments: 4284_20080925_78.patch, 4284_20080926_79.patch
>
>
> HADOOP-3854 introduced a framework for adding filters to filter browser
> facing urls. Sometimes, there is a need to filter all urls. For example, at
> Yahoo, we need to open an SSL port on the HttpServer and only accept hsftp
> requests from clients who can authenticate themselves using client
> certificate and is authorized according to certain policy file. For this to
> happen, we need a method to add a user configurable "global" filter, which
> filters on all client requests. For our purposes, such a global filter will
> block all https requests except those accessing the hsftp interface (it will
> let all http requests go through, so accesses through the normal http ports
> are unaffected). Moreover, those hsftp requests will be subject to further
> authorization checking according to the policy file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
