You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Kan Zhang (JIRA)" <ji...@apache.org> on 2008/09/26 20:14:44 UTC

[jira] Commented: (HADOOP-4284) Support for user configurable global filters on HttpServer

    [ https://issues.apache.org/jira/browse/HADOOP-4284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12634958#action_12634958 ] 

Kan Zhang commented on HADOOP-4284:
-----------------------------------

Also note that, this patch changes the way default directories "/logs" and "/static" are added to the Jetty Server. They are now added through the addWebApplication interface instead of the addContext interface. The reason is that we want to get back a WebApplicationHandler object so that we can add filters to it. As a side effect, the observation from HADOOP-4282 that you have to test accessing an existent file to catch the bug is no longer valid. With this patch, whether accessing an existent file or non-existent file in the /logs or /static directory doesn't make a difference. Both accesses will fail the test (TestServletFilter.java) and catch the bug (HADOOP-4282). Therefore, in the junit test for this patch (TestGlobalFilter.java) we only tried to access non-existent files. For example, we tested accessing non-existent file "/logs/a.log" in TestGlobalFilter and it passes the test. I also tried to do the same in TestServletFilter, it failed the test and hence caught the b
 ug.

> Support for user configurable global filters on HttpServer
> ----------------------------------------------------------
>
>                 Key: HADOOP-4284
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4284
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>            Reporter: Kan Zhang
>         Attachments: 4284_20080925_78.patch, 4284_20080926_79.patch
>
>
> HADOOP-3854 introduced a framework for adding filters to filter browser facing urls. Sometimes, there is a need to filter all urls. For example, at Yahoo, we need to open an SSL port on the HttpServer and only accept hsftp requests from clients who can authenticate themselves using client certificate and is authorized according to certain policy file. For this to happen, we need a method to add a user configurable "global" filter, which filters on all client requests. For our purposes, such a global filter will block all https requests except those accessing the hsftp interface (it will let all http requests go through, so accesses through the normal http ports are unaffected). Moreover, those hsftp requests will be subject to further authorization checking according to the policy file.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.