[jira] Commented: (HADOOP-4284) Support for user configurable global filters on HttpServer

Fri, 17 Oct 2008 14:30:42 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-4284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640673#action_12640673
 ] 

Tsz Wo (Nicholas), SZE commented on HADOOP-4284:
------------------------------------------------

> I did refactor it into a new method setupSsl() in the new patch. 
setupSsl() should not be invoked in DistCp.checkSrcPath(...).  Please find a 
better place.  It will be hard to understand why checkSrcPath(...) somehow 
changes the system properties for setting up ssl.

BTW, this issue is supposed to due with global filters but not ssl as stated in 
the title.  Could you create another issue for ssl?  Otherwise, parties 
interested in ssl may miss this.

> Support for user configurable global filters on HttpServer
> ----------------------------------------------------------
>
>                 Key: HADOOP-4284
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4284
>             Project: Hadoop Core
>          Issue Type: New Feature
>    Affects Versions: 0.20.0
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.20.0
>
>         Attachments: 4284_20080925_78.patch, 4284_20080926_79.patch, 
> 4284_20080929_83.patch, 4284_20081007_85.patch, 4284_20081016_93.patch, 
> 4284_20081016_94.patch, 4284_20081016_96.patch
>
>
> HADOOP-3854 introduced a framework for adding filters to filter browser 
> facing urls. Sometimes, there is a need to filter all urls. For example, at 
> Yahoo, we need to open an SSL port on the HttpServer and only accept hsftp 
> requests from clients who can authenticate themselves using client 
> certificate and is authorized according to certain policy file. For this to 
> happen, we need a method to add a user configurable "global" filter, which 
> filters on all client requests. For our purposes, such a global filter will 
> block all https requests except those accessing the hsftp interface (it will 
> let all http requests go through, so accesses through the normal http ports 
> are unaffected). Moreover, those hsftp requests will be subject to further 
> authorization checking according to the policy file.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to