[ https://issues.apache.org/jira/browse/HDFS-14234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16814961#comment-16814961 ]
Anu Engineer commented on HDFS-14234: ------------------------------------- [~clayb] the patch looks quite good, here are some very minor comments. 1. DatanodeHTTPserver.java, there are some minor checkstyle fixes needed. 2. The changes in hadoop-env.sh are accidental? 3. For production purposes, we should remove the log4j.properties settings for web handlers? 4. I am not sure if this is possible in real life, but from the test case, it is possible to trigger a NullPointerException. ?? ?? ?? httpRequest =?? ?? new DefaultFullHttpRequest(HttpVersion.HTTP_1_1,?? ?? HttpMethod.GET,?? ?? WebHdfsFileSystem.PATH_PREFIX + "/user/myName/fooFile");?? If we send a request without a query portion then it looks like the \{{HostRestrictingAuthorizationFilter.handleInteraction}} will throw a null pointer java.lang.NullPointerException > Limit WebHDFS to specifc user, host, directory triples > ------------------------------------------------------ > > Key: HDFS-14234 > URL: https://issues.apache.org/jira/browse/HDFS-14234 > Project: Hadoop HDFS > Issue Type: New Feature > Components: webhdfs > Reporter: Clay B. > Assignee: Clay B. > Priority: Trivial > Attachments: > 0001-HDFS-14234.-Limit-WebHDFS-to-specifc-user-host-direc.patch, > 0002-HDFS-14234.-Limit-WebHDFS-to-specifc-user-host-direc.patch, > 0003-HDFS-14234.-Limit-WebHDFS-to-specifc-user-host-direc.patch > > > For those who have multiple network zones, it is useful to prevent certain > zones from downloading data from WebHDFS while still allowing uploads. This > can enable functionality of HDFS as a dropbox for data - data goes in but can > not be pulled back out. (Motivation further presented in [StrangeLoop 2018 Of > Data Dropboxes and Data > Gloveboxes|https://www.thestrangeloop.com/2018/of-data-dropboxes-and-data-gloveboxes.html]). > Ideally, one could limit the datanodes from returning data via an > [{{OPEN}}|https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Open_and_Read_a_File] > but still allow things such as > [{{GETFILECHECKSUM}}|https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Get_File_Checksum] > and > {{[{{CREATE}}|https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Create_and_Write_to_a_File]}}. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org