[ https://issues.apache.org/jira/browse/HADOOP-12203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14617406#comment-14617406 ]
Benoy Antony edited comment on HADOOP-12203 at 7/7/15 9:14 PM: --------------------------------------------------------------- Please review HADOOP-10679 for more detailed requirements and design document. As part of generalization, an interface _AuthorizationManager<T>_ is defined. _DefaultAuthorizationManager<T>_ implements _AuthorizationManager<T>_. _ServiceAuthorizationManager_ extends _DefaultAuthorizationManager<Class?>_ and is used for authorize RPC calls. The DefaultAuthorizationManager internally uses _AuthorizationManagerHelper<T>_. Most of the logic in original _ServiceAuthorizationManager_ is moved to _AuthorizationManagerHelper<T>_ . The class diagram and sequence diagrams are in the design document in HADOOP-10679. was (Author: benoyantony): Please review HADOOP-10679 for more detailed requirements and design document. As part of generalization, an interface _AuthorizationManager<T>_ is defined. _DefaultAuthorizationManager<T>_ implements _AuthorizationManager<T>_. _ServiceAuthorizationManager_ extends _DefaultAuthorizationManager<Class?>_ and is used for authorize RPC calls. The DefaultAuthorizationManager internally uses _AuthorizationManagerHelper<T>_. Most of the logic in original_ServiceAuthorizationManager_ is moved to_AuthorizationManagerHelper<T>_ . The class diagram and sequence diagrams are in the design document in HADOOP-10679. > Refactor Service Authorization Framework > ---------------------------------------- > > Key: HADOOP-12203 > URL: https://issues.apache.org/jira/browse/HADOOP-12203 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Reporter: Benoy Antony > Assignee: Benoy Antony > > Refactor Service Authorization Framework so that same framework can be used > to authenticate requests for RPC and web resources. > The _ServiceAuthorizationManager_ uses a Class object to identify the RPC > protocol that the user is trying to access. While this works for an RPC > protocol, it will not work in general. -- This message was sent by Atlassian JIRA (v6.3.4#6332)