You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "liubangchen (JIRA)" <ji...@apache.org> on 2016/11/16 09:15:58 UTC
[jira] [Updated] (HBASE-17099) Is there a plan to support auth
connection by username/password like mysql or redis
[ https://issues.apache.org/jira/browse/HBASE-17099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
liubangchen updated HBASE-17099:
--------------------------------
Description:
Product managers ask our hbase cluster to support auth connection by username/password.
{code}
private boolean authorizeConnection() throws IOException {
try {
// If auth method is DIGEST, the token was obtained by the
// real user for the effective user, therefore not required to
// authorize real user. doAs is allowed only for simple or kerberos
// authentication
if (user != null && user.getRealUser() != null
&& (authMethod != AuthMethod.DIGEST)) {
ProxyUsers.authorize(user, this.getHostAddress(), conf);
}
authorize(user, connectionHeader, getHostInetAddress());
metrics.authorizationSuccess();
} catch (AuthorizationException ae) {
if (LOG.isDebugEnabled()) {
LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);
}
metrics.authorizationFailure();
setupResponse(authFailedResponse, authFailedCall,
new AccessDeniedException(ae), ae.getMessage());
responder.doRespond(authFailedCall);
return false;
}
return true;
}
{code}
Whether can add a connectionAuthorrizer in method authorizeConnection of class RpcServer to auth connection by init the handler from conf.
was:
Product managers ask our hbase cluster to support auth connection by username/password.
{code}
private boolean authorizeConnection() throws IOException {
try {
// If auth method is DIGEST, the token was obtained by the
// real user for the effective user, therefore not required to
// authorize real user. doAs is allowed only for simple or kerberos
// authentication
if (user != null && user.getRealUser() != null
&& (authMethod != AuthMethod.DIGEST)) {
ProxyUsers.authorize(user, this.getHostAddress(), conf);
}
authorize(user, connectionHeader, getHostInetAddress());
metrics.authorizationSuccess();
} catch (AuthorizationException ae) {
if (LOG.isDebugEnabled()) {
LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);
}
metrics.authorizationFailure();
setupResponse(authFailedResponse, authFailedCall,
new AccessDeniedException(ae), ae.getMessage());
responder.doRespond(authFailedCall);
return false;
}
return true;
}
{code}
Whether can add a connectionAuthorrizer in method authorizeConnection of class RpcServer to auth connection by init the handler from conf.
Issue Type: Brainstorming (was: Wish)
https://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication
FYI
> Is there a plan to support auth connection by username/password like mysql or redis
> -----------------------------------------------------------------------------------
>
> Key: HBASE-17099
> URL: https://issues.apache.org/jira/browse/HBASE-17099
> Project: HBase
> Issue Type: Brainstorming
> Components: security
> Reporter: liubangchen
> Priority: Trivial
>
> Product managers ask our hbase cluster to support auth connection by username/password.
> {code}
> private boolean authorizeConnection() throws IOException {
> try {
> // If auth method is DIGEST, the token was obtained by the
> // real user for the effective user, therefore not required to
> // authorize real user. doAs is allowed only for simple or kerberos
> // authentication
> if (user != null && user.getRealUser() != null
> && (authMethod != AuthMethod.DIGEST)) {
> ProxyUsers.authorize(user, this.getHostAddress(), conf);
> }
> authorize(user, connectionHeader, getHostInetAddress());
> metrics.authorizationSuccess();
> } catch (AuthorizationException ae) {
> if (LOG.isDebugEnabled()) {
> LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);
> }
> metrics.authorizationFailure();
> setupResponse(authFailedResponse, authFailedCall,
> new AccessDeniedException(ae), ae.getMessage());
> responder.doRespond(authFailedCall);
> return false;
> }
> return true;
> }
> {code}
> Whether can add a connectionAuthorrizer in method authorizeConnection of class RpcServer to auth connection by init the handler from conf.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)