[
https://issues.apache.org/jira/browse/FLINK-21108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17272504#comment-17272504
]
Xiaoguang Sun edited comment on FLINK-21108 at 1/27/21, 3:07 AM:
-----------------------------------------------------------------
Both server and client sides are pretty simple. They share most code to compute
authentication header from credentials.
Client side just need to add header 'Authorization: Basic xxxxxxxxxxx' to
request header.
Server side is pretty simple as well. It can check if header matches and
returns HTTP 401 with header 'WWW-Authenticate: Basic realm="User Visible
Realm", charset="UTF-8"' if not, that's it.
was (Author: xexplorer):
Both client side and client are pretty simple. They share most code to compute
authentication header from credentials.
Client side just need to add header 'Authorization: Basic xxxxxxxxxxx' to
request header.
Server side is pretty simple as well. It can check if header matches and
returns HTTP 401 with header 'WWW-Authenticate: Basic realm="User Visible
Realm", charset="UTF-8"' if not, that's it.
> Flink runtime rest server and history server webmonitor do not require
> authentication.
> --------------------------------------------------------------------------------------
>
> Key: FLINK-21108
> URL: https://issues.apache.org/jira/browse/FLINK-21108
> Project: Flink
> Issue Type: New Feature
> Components: Runtime / REST, Runtime / Web Frontend
> Reporter: Xiaoguang Sun
> Priority: Major
> Labels: pull-request-available
>
> Flink runtime rest server and history server webmonitor do not require
> authentication. At certain scenarios, prohibiting unauthorized access is
> desired. Http basic authentication can be used here.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
