You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Josh Elser (Jira)" <ji...@apache.org> on 2022/01/13 22:23:00 UTC

[jira] [Created] (HBASE-26667) Integrate user-experience for hbase-client

Josh Elser created HBASE-26667:
----------------------------------

             Summary: Integrate user-experience for hbase-client
                 Key: HBASE-26667
                 URL: https://issues.apache.org/jira/browse/HBASE-26667
             Project: HBase
          Issue Type: Sub-task
            Reporter: Josh Elser
             Fix For: HBASE-26553


Today, we have two mechanism in order to get the tokens needed to authenticate:
 # Kerberos, we rely on a Kerberos ticket being present in a well-known location (defined by JVM properties) or via programmatic invocation of UserGroupInformation
 # Delegation tokens, we rely on special API to be called (our mapreduce API) which loads the token into the current UserGroupInformation "context" (the JAAS PrivilegedAction).

The JWT bearer token approach is very similar to the delegation token mechanism, but HBase does not generate this JWT (as we do with delegation tokens). How does a client provide this token to the hbase-client (i.e. {{ConnectionFactory.getConnection()}} or a {{UserGroupInformation}} call)? We should be mindful of all of the different "entrypoints" to HBase ({{{}hbase ...{}}} commands, {{java -cp}} commands, Phoenix commands, Spark comands, etc). Our solution should be effective for all of these approaches and not require downstream changes.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)