[jira] [Comment Edited] (STORM-430) (Security) Allow netty SASL to support encryption as well

Thu, 04 Sep 2014 16:27:11 -0700 

    [ 
https://issues.apache.org/jira/browse/STORM-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14122166#comment-14122166
 ] 

Raghavendra Nandagopal edited comment on STORM-430 at 9/4/14 11:26 PM:
-----------------------------------------------------------------------

Below is the logs generated after running exclamation topology.
{code}
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer 
for [id: 0x92dfdf11, /127.0.0.1:59122 => /127.0.0.1:6700] yet; creating now, 
with topology token: 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology 
token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: 
Creating SaslDigestCallback handler with topology token: 
exclamation-topology_mss
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [INFO] Connection 
established from /127.0.0.1:60814 to supervisor1/127.0.0.1:6703
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] Creating 
saslNettyClient now for channel: [id: 0x64e9ffab, /127.0.0.1:60814 => 
supervisor1/127.0.0.1:6703]
2014-09-04 12:03:34 b.s.m.n.Client [DEBUG] sasl Waiting until the netty 
authentication completes
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With 
nettyServer: backtype.storm.messaging.netty.SaslNettyServer@eab9103 and token 
length: 41
2014-09-04 12:03:34 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating 
SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting password for client: [B@1f464b10
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
172
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication 
is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing 
SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
327
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
344
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us 
the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication 
compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, 
proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer 
for [id: 0xc1c3cba8, /127.0.0.1:59125 => /127.0.0.1:6700] yet; creating now, 
with topology token: 
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology 
token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: 
Creating SaslDigestCallback handler with topology token: 
exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With 
nettyServer: backtype.storm.messaging.netty.SaslNettyServer@7a056cdf and token 
length: 41
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting password for client: [B@7a2ee30e
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication 
is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing 
SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [INFO] Connection 
established from /127.0.0.1:51789 to supervisor1/127.0.0.1:6702
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Creating 
saslNettyClient now for channel: [id: 0xf2613c67, /127.0.0.1:51789 => 
supervisor1/127.0.0.1:6702]
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating 
SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Waiting until the netty 
authentication completes
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
6
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
10
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
13
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us 
the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication 
compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, 
proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
{code}




was (Author: speaktoraghav):
Below is the logs generated after running exclamation topology.
<code>
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer 
for [id: 0x92dfdf11, /127.0.0.1:59122 => /127.0.0.1:6700] yet; creating now, 
with topology token: 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology 
token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: 
Creating SaslDigestCallback handler with topology token: 
exclamation-topology_mss
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [INFO] Connection 
established from /127.0.0.1:60814 to supervisor1/127.0.0.1:6703
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] Creating 
saslNettyClient now for channel: [id: 0x64e9ffab, /127.0.0.1:60814 => 
supervisor1/127.0.0.1:6703]
2014-09-04 12:03:34 b.s.m.n.Client [DEBUG] sasl Waiting until the netty 
authentication completes
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With 
nettyServer: backtype.storm.messaging.netty.SaslNettyServer@eab9103 and token 
length: 41
2014-09-04 12:03:34 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating 
SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting password for client: [B@1f464b10
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
172
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication 
is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing 
SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
327
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
344
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us 
the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication 
compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, 
proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer 
for [id: 0xc1c3cba8, /127.0.0.1:59125 => /127.0.0.1:6700] yet; creating now, 
with topology token: 
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology 
token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: 
Creating SaslDigestCallback handler with topology token: 
exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With 
nettyServer: backtype.storm.messaging.netty.SaslNettyServer@7a056cdf and token 
length: 41
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to 
input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting password for client: [B@7a2ee30e
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server 
DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token 
length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication 
is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing 
SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for 
storm topology exclamation-topology_mss is 
-8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [INFO] Connection 
established from /127.0.0.1:51789 to supervisor1/127.0.0.1:6702
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Creating 
saslNettyClient now for channel: [id: 0xf2613c67, /127.0.0.1:51789 => 
supervisor1/127.0.0.1:6702]
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating 
SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Waiting until the netty 
authentication completes
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
6
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client 
callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
10
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to 
server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server 
is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 
13
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us 
the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = 
[auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient 
useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication 
compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, 
proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: Checking whether the client is authorized to send messages to 
the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] 
messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is 
authorized to do request on server.
</code>



> (Security) Allow netty SASL to support encryption as well
> ---------------------------------------------------------
>
>                 Key: STORM-430
>                 URL: https://issues.apache.org/jira/browse/STORM-430
>             Project: Apache Storm (Incubating)
>          Issue Type: Improvement
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>         Attachments: Storm-Netty Secure Layer.pdf
>
>
> SASL provides more then just authentication, it can also provide integraty 
> guarantees.
> as described here
> http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP
> and
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/sasl/sasl-refguide.html
> In order to provide those guarantees encryption is used, and the wrap/unwrap 
> methods for the SaslClient and Server must be used.  It would be great to 
> support this for storm as well, allowing users to configure the level of 
> security they want.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to