[
https://issues.apache.org/jira/browse/STORM-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14074503#comment-14074503
]
ASF GitHub Bot commented on STORM-348:
--------------------------------------
Github user revans2 commented on a diff in the pull request:
https://github.com/apache/incubator-storm/pull/202#discussion_r15408724
--- Diff: storm-core/src/jvm/backtype/storm/messaging/netty/SaslUtils.java
---
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package backtype.storm.messaging.netty;
+
+import java.nio.charset.Charset;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.sasl.Sasl;
+
+import org.apache.commons.codec.binary.Base64;
+
+import backtype.storm.Config;
+
+class SaslUtils {
+ public static final String AUTH_DIGEST_MD5 = "DIGEST-MD5";
+ public static final String DEFAULT_REALM = "default";
+
+ static Map<String, String> getSaslProps() {
+ Map<String, String> props = new HashMap<String, String>();
+ props.put(Sasl.POLICY_NOPLAINTEXT, "true");
+ return props;
+ }
+
+ /**
+ * Encode a password as a base64-encoded char[] array.
+ *
+ * @param password
+ * as a byte array.
+ * @return password as a char array.
+ */
+ static char[] encodePassword(byte[] password) {
+ return new String(Base64.encodeBase64(password),
+ Charset.defaultCharset()).toCharArray();
+ }
+
+ /**
+ * Encode a identifier as a base64-encoded char[] array.
+ *
+ * @param identifier
+ * as a byte array.
+ * @return identifier as a char array.
+ */
+ static String encodeIdentifier(byte[] identifier) {
+ return new String(Base64.encodeBase64(identifier),
+ Charset.defaultCharset());
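Review bot: The Javadoc on encodeIdentifier does not match its signature: it says the identifier is encoded "as a base64-encoded char[] array" and "@return identifier as a char array", but the method returns String. Either correct the comment or return char[] as encodePassword does. In both encodePassword and encodeIdentifier, the Base64 bytes are turned into text with Charset.defaultCharset(), which depends on the JVM and platform settings. The two ends of a DIGEST-MD5 exchange need to derive the same strings, so pass an explicit charset such as UTF-8 instead; Base64 output is plain ASCII, so the encoded value itself does not change.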
--- End diff --
UTF-8 here too.
> (Security) Netty SASL Authentication
> ------------------------------------
>
> Key: STORM-348
> URL: https://issues.apache.org/jira/browse/STORM-348
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Assignee: Raghavendra Nandagopal
> Labels: security
> Attachments: Storm-Netty Authentication.pdf
>
>
> Currently the Netty transport does no authentication at all. You can encrypt
> the tuples being sent, but that is a huge performance hit for many cases that
> do not need it. We should support simple SASL authentication when Netty
> first connects to an external process. We probably want to use something
> similar to what we do for ZK, and generate a random secret for each topology.
--
This message was sent by Atlassian JIRA
(v6.2#6252)