You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by "Raghavendra Nandagopal (JIRA)" <ji...@apache.org> on 2014/09/05 01:26:24 UTC

[jira] [Comment Edited] (STORM-430) (Security) Allow netty SASL to support encryption as well

    [ https://issues.apache.org/jira/browse/STORM-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14122166#comment-14122166 ] 

Raghavendra Nandagopal edited comment on STORM-430 at 9/4/14 11:26 PM:
-----------------------------------------------------------------------

Below is the logs generated after running exclamation topology.
{code}
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer for [id: 0x92dfdf11, /127.0.0.1:59122 => /127.0.0.1:6700] yet; creating now, with topology token: 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: Creating SaslDigestCallback handler with topology token: exclamation-topology_mss
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [INFO] Connection established from /127.0.0.1:60814 to supervisor1/127.0.0.1:6703
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] Creating saslNettyClient now for channel: [id: 0x64e9ffab, /127.0.0.1:60814 => supervisor1/127.0.0.1:6703]
2014-09-04 12:03:34 b.s.m.n.Client [DEBUG] sasl Waiting until the netty authentication completes
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With nettyServer: backtype.storm.messaging.netty.SaslNettyServer@eab9103 and token length: 41
2014-09-04 12:03:34 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting password for client: [B@1f464b10
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 172
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 327
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 344
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer for [id: 0xc1c3cba8, /127.0.0.1:59125 => /127.0.0.1:6700] yet; creating now, with topology token: 
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: Creating SaslDigestCallback handler with topology token: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With nettyServer: backtype.storm.messaging.netty.SaslNettyServer@7a056cdf and token length: 41
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting password for client: [B@7a2ee30e
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [INFO] Connection established from /127.0.0.1:51789 to supervisor1/127.0.0.1:6702
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Creating saslNettyClient now for channel: [id: 0xf2613c67, /127.0.0.1:51789 => supervisor1/127.0.0.1:6702]
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Waiting until the netty authentication completes
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 6
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 10
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 13
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
{code}




was (Author: speaktoraghav):
Below is the logs generated after running exclamation topology.
<code>
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer for [id: 0x92dfdf11, /127.0.0.1:59122 => /127.0.0.1:6700] yet; creating now, with topology token: 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: Creating SaslDigestCallback handler with topology token: exclamation-topology_mss
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [INFO] Connection established from /127.0.0.1:60814 to supervisor1/127.0.0.1:6703
2014-09-04 12:03:34 b.s.m.n.SaslStormClientHandler [DEBUG] Creating saslNettyClient now for channel: [id: 0x64e9ffab, /127.0.0.1:60814 => supervisor1/127.0.0.1:6703]
2014-09-04 12:03:34 b.s.m.n.Client [DEBUG] sasl Waiting until the netty authentication completes
2014-09-04 12:03:34 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With nettyServer: backtype.storm.messaging.netty.SaslNettyServer@eab9103 and token length: 41
2014-09-04 12:03:34 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:34 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting password for client: [B@1f464b10
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 172
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 327
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 344
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] No saslNettyServer for [id: 0xc1c3cba8, /127.0.0.1:59125 => /127.0.0.1:6700] yet; creating now, with topology token: 
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslNettyServer: Topology token is: exclamation-topology_mss with authmethod DIGEST-MD5
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] SaslDigestCallback: Creating SaslDigestCallback handler with topology token: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] processToken:  With nettyServer: backtype.storm.messaging.netty.SaslNettyServer@7a056cdf and token length: 41
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 0
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Responding to input token of length: 293
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting username for client: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting password for client: [B@7a2ee30e
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] handle: SASL server DIGEST-MD5 callback: setting canonicalized client ID: exclamation-topology_mss
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] response: Response token length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] SASL authentication is complete for client with username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslStormServerHandler [DEBUG] Removing SaslServerHandler from pipeline since SASL authentication is complete.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyServer [DEBUG] Setting SaslNettyServer useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] SASL credentials for storm topology exclamation-topology_mss is -8803147606296618717:-5697910567671144648
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [INFO] Connection established from /127.0.0.1:51789 to supervisor1/127.0.0.1:6702
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Creating saslNettyClient now for channel: [id: 0xf2613c67, /127.0.0.1:51789 => supervisor1/127.0.0.1:6702]
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] SaslNettyClient: Creating SASL DIGEST-MD5 client to authenticate to server 
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Waiting until the netty authentication completes
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 6
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 149
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting username: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting userPassword
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] handle: SASL client callback: setting realm: default
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server token has length:293
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 10
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Responding to server's token of length: 40
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Response to server is null: authentication should now be complete.
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] send/recv time (ms): 13
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] Server has sent us the SaslComplete message. Allowing normal work to proceed.
2014-09-04 12:03:35 b.s.m.n.SaslUtils [DEBUG] Verifying QOP, requested QOP = [auth-conf], negotiated QOP = auth-conf
2014-09-04 12:03:35 b.s.m.n.SaslNettyClient [DEBUG] Setting SaslNettyClient useWrapUnwrap to true
2014-09-04 12:03:35 b.s.m.n.SaslStormClientHandler [DEBUG] sasl authentication compeleted, hence releasing the lock
2014-09-04 12:03:35 b.s.m.n.Client [DEBUG] sasl Netty authentication completed, proceeding further
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: Checking whether the client is authorized to send messages to the server 
2014-09-04 12:03:35 b.s.m.n.SaslStormServerAuthorizeHandler [DEBUG] messageReceived: authenticated client: ZXhjbGFtYXRpb24tdG9wb2xvZ3lfbXNz is authorized to do request on server.
</code>



> (Security) Allow netty SASL to support encryption as well
> ---------------------------------------------------------
>
>                 Key: STORM-430
>                 URL: https://issues.apache.org/jira/browse/STORM-430
>             Project: Apache Storm (Incubating)
>          Issue Type: Improvement
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>         Attachments: Storm-Netty Secure Layer.pdf
>
>
> SASL provides more then just authentication, it can also provide integraty guarantees.
> as described here
> http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP
> and
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/sasl/sasl-refguide.html
> In order to provide those guarantees encryption is used, and the wrap/unwrap methods for the SaslClient and Server must be used.  It would be great to support this for storm as well, allowing users to configure the level of security they want.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)