[jira] [Commented] (APEXCORE-457) Add documentation for security options for STRAM web services

Mon, 16 May 2016 16:33:01 -0700 

    [ 
https://issues.apache.org/jira/browse/APEXCORE-457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15285647#comment-15285647
 ] 

ASF GitHub Bot commented on APEXCORE-457:
-----------------------------------------

Github user davidyan74 commented on a diff in the pull request:

    https://github.com/apache/incubator-apex-core/pull/333#discussion_r63443653
  
    --- Diff: docs/security.md ---
    @@ -142,7 +168,15 @@ When operators are running there will be effective 
processing rate differences b
     
     Like STRAM, streaming containers also need to communicate with NameNode to 
use HDFS persistence for reasons such as saving the state of the operators. In 
secure mode they also use NameNode delegation tokens for authentication. These 
tokens are also seeded by STRAM for the streaming containers.
     
    +#### Stram Webservices
    +
    +Clients connects to STRAM and make web service requests to obtain 
operational information about a runtime application. When security is enabled 
we want this connection to also be authenticated. In this mode the client 
passes a web service token in the request and the STRAM checks this token. If 
the token is valid, then the request is processed else it is denied.
    +
    +How does the client get the web service token in the first place The 
client will first have to first connect to STRAM via the Resource Manager Web 
Services Proxy which is a service run by Hadoop to proxy requests to 
application web services. This connection is authenticated by the proxy service 
using a protocol called SPNEGO when secure mode is enabled. SPNEGO is Kerberos 
over HTTP and the client also needs to support it. If the authentication is 
successful the proxy forwards the request to STRAM. STRAM in processing the 
request generates and send back a web service token similar to a delegation 
token. This token is then used by client in subsequent requests it makes 
directly to STRAM and STRAM is able to validate it since it generated the token 
in the first place.
    --- End diff --
    
    This token is then used by (add **the**) client


> Add documentation for security options for STRAM web services
> -------------------------------------------------------------
>
>                 Key: APEXCORE-457
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-457
>             Project: Apache Apex Core
>          Issue Type: Bug
>            Reporter: Pramod Immaneni
>            Assignee: Pramod Immaneni
>
> Security can be enabled for STRAM web services. Add documentation for the 
> available options and how security works.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to