[jira] Commented: (HADOOP-4284) Support for user configurable global filters on HttpServer

Thu, 16 Oct 2008 17:09:08 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-4284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640380#action_12640380
 ] 

Tsz Wo (Nicholas), SZE commented on HADOOP-4284:
------------------------------------------------

>> DistCp.checkSrcPath(...) seems not a good place to set the conf and system 
>> properties values.
> Any suggestion?
I think it belongs to DistCp.setup(...).  Since the new codes are not short, 
you might want to define a method called setupSsl(...) and involve it in 
setup(...).

>Where to put such a method so that it can be conveniently shared?
How about defining a new class, say SslUtil in org.apache.hadoop.security?


BTW, what are the files ssl-client.xml.example and ssl-server.xml.example for?  
They seem templates but not examples.

> Support for user configurable global filters on HttpServer
> ----------------------------------------------------------
>
>                 Key: HADOOP-4284
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4284
>             Project: Hadoop Core
>          Issue Type: New Feature
>    Affects Versions: 0.20.0
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.20.0
>
>         Attachments: 4284_20080925_78.patch, 4284_20080926_79.patch, 
> 4284_20080929_83.patch, 4284_20081007_85.patch, 4284_20081016_93.patch, 
> 4284_20081016_94.patch
>
>
> HADOOP-3854 introduced a framework for adding filters to filter browser 
> facing urls. Sometimes, there is a need to filter all urls. For example, at 
> Yahoo, we need to open an SSL port on the HttpServer and only accept hsftp 
> requests from clients who can authenticate themselves using client 
> certificate and is authorized according to certain policy file. For this to 
> happen, we need a method to add a user configurable "global" filter, which 
> filters on all client requests. For our purposes, such a global filter will 
> block all https requests except those accessing the hsftp interface (it will 
> let all http requests go through, so accesses through the normal http ports 
> are unaffected). Moreover, those hsftp requests will be subject to further 
> authorization checking according to the policy file.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to