[
https://issues.apache.org/jira/browse/STORM-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14074510#comment-14074510
]
ASF GitHub Bot commented on STORM-348:
--------------------------------------
Github user revans2 commented on a diff in the pull request:
https://github.com/apache/incubator-storm/pull/202#discussion_r15409108
--- Diff:
storm-core/src/jvm/backtype/storm/messaging/netty/StormClientPipelineFactory.java
---
@@ -32,12 +34,24 @@ public ChannelPipeline getPipeline() throws Exception {
// Create a default pipeline implementation.
ChannelPipeline pipeline = Channels.pipeline();
- // Decoder
- pipeline.addLast("decoder", new MessageDecoder());
- // Encoder
- pipeline.addLast("encoder", new MessageEncoder());
- // business logic.
- pipeline.addLast("handler", new
StormClientErrorHandler(client.name()));
+ boolean isNettyAuth = (Boolean)
this.client.storm_conf.get(Config.STORM_MESSAGING_NETTY_AUTHENTICATION);
+ if(isNettyAuth) {
+ // Decoder
+ pipeline.addLast("decoder", new MessageDecoder());
+ // Encoder
+ pipeline.addLast("encoder", new MessageEncoder());
+ // Authenticate: Removed after authentication completes
+ pipeline.addLast("saslClientHandler", new
SaslStormClientHandler(client));
+ // business logic.
+ pipeline.addLast("handler", new
StormClientErrorHandler(client.name()));
+ } else {
+ // Decoder
+ pipeline.addLast("decoder", new MessageDecoder());
+ // Encoder
+ pipeline.addLast("encoder", new MessageEncoder());
+ // business logic.
+ pipeline.addLast("handler", new
StormClientErrorHandler(client.name()));
+ }
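Review bot: The first added line casts `this.client.storm_conf.get(Config.STORM_MESSAGING_NETTY_AUTHENTICATION)` to `Boolean` and assigns it to a primitive `boolean`, so if `get` returns null for that key the unboxing throws a NullPointerException inside `getPipeline()`. Hold the value as a `Boolean` and test it with `Boolean.TRUE.equals(...)`, or guarantee a default for the key, so a missing setting gives a defined result. Which way a missing setting falls (authentication on or off) should be a deliberate choice stated next to the config key, since this flag alone decides whether `saslClientHandler` is added to the pipeline.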
--- End diff --
There is a lot in common between the if and else blocks. Could we try and
combine them again, and just have adding the saslClientHandler be in the if
block?
> (Security) Netty SASL Authentication
> ------------------------------------
>
> Key: STORM-348
> URL: https://issues.apache.org/jira/browse/STORM-348
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Assignee: Raghavendra Nandagopal
> Labels: security
> Attachments: Storm-Netty Authentication.pdf
>
>
> Currently the Netty transport does no authentication at all. You can encrypt
> the tuples being sent, but that is a huge performance hit for many cases that
> do not need it. We should support simple SASL authentication when Netty
> first connects to an external process. We probably want to use something
> similar to what we do for ZK, and generate a random secret for each topology.