You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "guanyun (Jira)" <ji...@apache.org> on 2019/12/08 13:35:02 UTC

[jira] [Created] (HBASE-23477) CLONE - Implement secure native client connection

guanyun created HBASE-23477:
-------------------------------

             Summary: CLONE - Implement secure native client connection
                 Key: HBASE-23477
                 URL: https://issues.apache.org/jira/browse/HBASE-23477
             Project: HBase
          Issue Type: Sub-task
            Reporter: guanyun
            Assignee: Ted Yu
             Fix For: HBASE-14850
         Attachments: 17860.v2.txt, 17860.v21.txt, 17860.v3.txt, 17860.v4.txt, 17860.v43.txt

So far, the native client communicates with insecure cluster.

This JIRA is to add secure connection support for native client using Cyrus library.
The work is based on earlier implementation and is redone via wangle and folly frameworks.

Thanks to [~devaraj] who started the initiative.

Here is high level description of the design:
* SaslHandler is declared as:
{code}
class SaslHandler
    : public wangle::HandlerAdapter<folly::IOBufQueue&, std::unique_ptr<folly::IOBuf>>{
{code}
It would be inserted between EventBaseHandler and LengthFieldBasedFrameDecoder in the pipeline (via RpcPipelineFactory::newPipeline())

* SaslHandler would intercept writes to server by buffering the IOBuf's and start the handshake process (via sasl_client_XX calls provided by Cyrus)

* after handshake is complete, SaslHandler would send the buffered IOBuf's to server and act as pass-thru from then on



--
This message was sent by Atlassian Jira
(v8.3.4#803005)