[
https://issues.apache.org/jira/browse/STORM-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14062723#comment-14062723
]
ASF GitHub Bot commented on STORM-347:
--------------------------------------
Github user revans2 commented on a diff in the pull request:
https://github.com/apache/incubator-storm/pull/166#discussion_r14966321
--- Diff:
storm-core/src/jvm/backtype/storm/security/auth/ShellBasedUnixGroupsMapping.java
---
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package backtype.storm.security.auth;
+
+import java.io.IOException;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.StringTokenizer;
+import backtype.storm.utils.ShellUtils;
+import backtype.storm.utils.ShellUtils.ExitCodeException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class ShellBasedUnixGroupsMapping implements
+ IGroupMappingServiceProvider {
+
+ public static Logger LOG =
LoggerFactory.getLogger(ShellBasedUnixGroupsMapping.class);
+
+ /**
+ * Invoked once immediately after construction
+ * @param storm_conf Storm configuration
+ */
+ public void prepare(Map storm_conf) {}
+
+ /**
+ * Returns list of groups for a user
+ *
+ * @param user get groups for this user
+ * @return list of groups for a given user
+ */
+ @Override
+ public Set<String> getGroups(String user) throws IOException {
+ return getUnixGroups(user);
--- End diff --
This is likely to be called very frequently and fork/exec are not fast. We
should implement some of the caching the Interface suggests should be going on.
> (Security) authentication should allow for groups not just users
> ----------------------------------------------------------------
>
> Key: STORM-347
> URL: https://issues.apache.org/jira/browse/STORM-347
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Assignee: Sriharsha Chintalapani
> Labels: security
>
> It would really be great if authentication for topology access, and the UI
> could support groups, not just users.
> It might be worth looking at some Hadoop code that already does things like
> this.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
