[jira] Commented: (HADOOP-4575) An independent HTTPS proxy for HDFS

Wed, 05 Nov 2008 16:43:07 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-4575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12645371#action_12645371
 ] 

Kan Zhang commented on HADOOP-4575:
-----------------------------------

> There is a race condition in UserGroupInformationManager::getUgiForUser
I was aware of it and chose to punt on it since it doesn't affect correctness 
(the worst can happen is a few extra ugi objects get created and immediately 
garbage collected) and I was reluctant to make it a synchronized method since 
it may launch a shell command. Now that you view it as a problem, I've changed 
the code to use synchronized methods and no longer synchronize on the ugiCache 
object. This problem should go away.

> It introduces a race condition in the jspHelper field initialization
This is essentially the same issue as the above and I again chose to punt on 
it. As we discussed, the proper fix should be making jspHelper a singleton. 
I'll leave that to a separate JIRA and simply noted it in the source code.

> Why does ProxyHttpServer not extend or own an HttpServer?
For easier porting to 17, 18 and 19.

> I don't understand why the proxy would return a status of 402
Just a return code I picked that doesn't already have a defined semantics.

> Calling System.exit from createHdfsProxy is unnecessarily forceful...
I still prefer the code in the patch.

Your other comments are incorporated into the new patch. Thanks!

> An independent HTTPS proxy for HDFS
> -----------------------------------
>
>                 Key: HADOOP-4575
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4575
>             Project: Hadoop Core
>          Issue Type: New Feature
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.20.0
>
>         Attachments: 4575-1-contrib.patch, 4575-1-core.patch, 4575-1.patch, 
> 4575-2-contrib.patch, 4575-2-core.patch, 4575-2.patch, lib.tgz
>
>
> Currently, an HDFS cluster itself exposes an HTTP/HTTPS interface for reading 
> files (i.e., HFTP/HSFTP). However, there is a need for an HTTPS proxy server 
> running independently from the cluster and serving data to users who 
> otherwise can't access the cluster directly. This proxy will authenticate its 
> users via SSL certificates and implements the HSFTP interface for reading 
> files.  

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to