[
https://issues.apache.org/jira/browse/FLINK-11589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rong Rong updated FLINK-11589:
------------------------------
Description:
Currently there are only 3 security modules in Flink - Hadoop, Zookeeper and
JaaS, all of which are pre-loaded to the Flink security runtime with one
hard-coded path for instantiating SecurityContext, which is used invoke use
code with PrivilegedExceptionAction.
We propose to introduce a [service provider
pattern|https://docs.oracle.com/javase/tutorial/ext/basics/spi.html] to allow
users to dynamically load {{SecurityModuleFactory}} or even introduce a new
{{SecurityContextFactory}} so that security runtime modules/context can be set
by dynamically loading any 3rd party JAR. The discover or these modules are
currently designed to go through property configurations.
This is especially useful in a corporate environment where proprietary security
technologies are involved.
was:
Currently there are only 3 security modules in Flink - Hadoop, Zookeeper and
JaaS, all of which are pre-loaded to the Flink security runtime with one
hard-coded path for instantiating SecurityContext, which is used invoke use
code with PrivilegedExceptionAction.
We propose to introduce a [service provider
pattern|https://docs.oracle.com/javase/tutorial/ext/basics/spi.html] to allow
users to dynamically load {{SecurityModuleFactory}} or even introduce a new
{{SecurityContextFactory}} so that all the security runtime context can be set
by dynamically loading any 3rd party JAR. and discover them through property
configurations.
This is especially useful in a corporate environment where proprietary security
technologies are involved.
> Introduce service provider pattern for user to dynamically load
> SecurityFactory classes
> ---------------------------------------------------------------------------------------
>
> Key: FLINK-11589
> URL: https://issues.apache.org/jira/browse/FLINK-11589
> Project: Flink
> Issue Type: Sub-task
> Components: Security
> Reporter: Rong Rong
> Assignee: Rong Rong
> Priority: Major
>
> Currently there are only 3 security modules in Flink - Hadoop, Zookeeper and
> JaaS, all of which are pre-loaded to the Flink security runtime with one
> hard-coded path for instantiating SecurityContext, which is used invoke use
> code with PrivilegedExceptionAction.
> We propose to introduce a [service provider
> pattern|https://docs.oracle.com/javase/tutorial/ext/basics/spi.html] to allow
> users to dynamically load {{SecurityModuleFactory}} or even introduce a new
> {{SecurityContextFactory}} so that security runtime modules/context can be
> set by dynamically loading any 3rd party JAR. The discover or these modules
> are currently designed to go through property configurations.
> This is especially useful in a corporate environment where proprietary
> security technologies are involved.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
