You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Rong Rong (JIRA)" <ji...@apache.org> on 2019/02/14 04:05:00 UTC
[jira] [Updated] (FLINK-11589) Introduce service provider pattern
for user to dynamically load SecurityFactory classes
[ https://issues.apache.org/jira/browse/FLINK-11589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rong Rong updated FLINK-11589:
------------------------------
Description:
Currently there are only 3 security modules in Flink - Hadoop, Zookeeper and JaaS, all of which are pre-loaded to the Flink security runtime with one hard-coded path for instantiating SecurityContext, which is used invoke use code with PrivilegedExceptionAction.
We propose to introduce a [service provider pattern|https://docs.oracle.com/javase/tutorial/ext/basics/spi.html] to allow users to dynamically load {{SecurityModuleFactory}} or even introduce a new {{SecurityContextFactory}} so that security runtime modules/context can be set by dynamically loading any 3rd party JAR. The discover or these modules are currently designed to go through property configurations.
This is especially useful in a corporate environment where proprietary security technologies are involved.
was:
Currently there are only 3 security modules in Flink - Hadoop, Zookeeper and JaaS, all of which are pre-loaded to the Flink security runtime with one hard-coded path for instantiating SecurityContext, which is used invoke use code with PrivilegedExceptionAction.
We propose to introduce a [service provider pattern|https://docs.oracle.com/javase/tutorial/ext/basics/spi.html] to allow users to dynamically load {{SecurityModuleFactory}} or even introduce a new {{SecurityContextFactory}} so that all the security runtime context can be set by dynamically loading any 3rd party JAR. and discover them through property configurations.
This is especially useful in a corporate environment where proprietary security technologies are involved.
> Introduce service provider pattern for user to dynamically load SecurityFactory classes
> ---------------------------------------------------------------------------------------
>
> Key: FLINK-11589
> URL: https://issues.apache.org/jira/browse/FLINK-11589
> Project: Flink
> Issue Type: Sub-task
> Components: Security
> Reporter: Rong Rong
> Assignee: Rong Rong
> Priority: Major
>
> Currently there are only 3 security modules in Flink - Hadoop, Zookeeper and JaaS, all of which are pre-loaded to the Flink security runtime with one hard-coded path for instantiating SecurityContext, which is used invoke use code with PrivilegedExceptionAction.
> We propose to introduce a [service provider pattern|https://docs.oracle.com/javase/tutorial/ext/basics/spi.html] to allow users to dynamically load {{SecurityModuleFactory}} or even introduce a new {{SecurityContextFactory}} so that security runtime modules/context can be set by dynamically loading any 3rd party JAR. The discover or these modules are currently designed to go through property configurations.
> This is especially useful in a corporate environment where proprietary security technologies are involved.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)