[ https://issues.apache.org/jira/browse/HBASE-17099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
liubangchen updated HBASE-17099: -------------------------------- Description: Product managers ask our hbase cluster to support auth connection by username/password. {code} private boolean authorizeConnection() throws IOException { try { // If auth method is DIGEST, the token was obtained by the // real user for the effective user, therefore not required to // authorize real user. doAs is allowed only for simple or kerberos // authentication if (user != null && user.getRealUser() != null && (authMethod != AuthMethod.DIGEST)) { ProxyUsers.authorize(user, this.getHostAddress(), conf); } authorize(user, connectionHeader, getHostInetAddress()); metrics.authorizationSuccess(); } catch (AuthorizationException ae) { if (LOG.isDebugEnabled()) { LOG.debug("Connection authorization failed: " + ae.getMessage(), ae); } metrics.authorizationFailure(); setupResponse(authFailedResponse, authFailedCall, new AccessDeniedException(ae), ae.getMessage()); responder.doRespond(authFailedCall); return false; } return true; } {code} Whether can add a connectionAuthorrizer in method authorizeConnection of class RpcServer to auth connection by init the handler from conf. was: Product managers ask our hbase cluster to support auth connection by username/password. {code} private boolean authorizeConnection() throws IOException { try { // If auth method is DIGEST, the token was obtained by the // real user for the effective user, therefore not required to // authorize real user. doAs is allowed only for simple or kerberos // authentication if (user != null && user.getRealUser() != null && (authMethod != AuthMethod.DIGEST)) { ProxyUsers.authorize(user, this.getHostAddress(), conf); } authorize(user, connectionHeader, getHostInetAddress()); metrics.authorizationSuccess(); } catch (AuthorizationException ae) { if (LOG.isDebugEnabled()) { LOG.debug("Connection authorization failed: " + ae.getMessage(), ae); } metrics.authorizationFailure(); setupResponse(authFailedResponse, authFailedCall, new AccessDeniedException(ae), ae.getMessage()); responder.doRespond(authFailedCall); return false; } return true; } {code} Whether can add a connectionAuthorrizer in method authorizeConnection of class RpcServer to auth connection by init the handler from conf. Issue Type: Brainstorming (was: Wish) https://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication FYI > Is there a plan to support auth connection by username/password like mysql or > redis > ----------------------------------------------------------------------------------- > > Key: HBASE-17099 > URL: https://issues.apache.org/jira/browse/HBASE-17099 > Project: HBase > Issue Type: Brainstorming > Components: security > Reporter: liubangchen > Priority: Trivial > > Product managers ask our hbase cluster to support auth connection by > username/password. > {code} > private boolean authorizeConnection() throws IOException { > try { > // If auth method is DIGEST, the token was obtained by the > // real user for the effective user, therefore not required to > // authorize real user. doAs is allowed only for simple or kerberos > // authentication > if (user != null && user.getRealUser() != null > && (authMethod != AuthMethod.DIGEST)) { > ProxyUsers.authorize(user, this.getHostAddress(), conf); > } > authorize(user, connectionHeader, getHostInetAddress()); > metrics.authorizationSuccess(); > } catch (AuthorizationException ae) { > if (LOG.isDebugEnabled()) { > LOG.debug("Connection authorization failed: " + ae.getMessage(), > ae); > } > metrics.authorizationFailure(); > setupResponse(authFailedResponse, authFailedCall, > new AccessDeniedException(ae), ae.getMessage()); > responder.doRespond(authFailedCall); > return false; > } > return true; > } > {code} > Whether can add a connectionAuthorrizer in method authorizeConnection of > class RpcServer to auth connection by init the handler from conf. -- This message was sent by Atlassian JIRA (v6.3.4#6332)