You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Arpit Agarwal (JIRA)" <ji...@apache.org> on 2015/11/20 23:35:11 UTC
[jira] [Comment Edited] (HADOOP-12203) Refactor Service
Authorization Framework
[ https://issues.apache.org/jira/browse/HADOOP-12203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018940#comment-15018940 ]
Arpit Agarwal edited comment on HADOOP-12203 at 11/20/15 10:35 PM:
-------------------------------------------------------------------
Hi [~benoyantony], thanks for this refactoring. It will be good to have uniform authorization.
+1 with a few nitpicks:
# AuthorizationManagerHelper#SERVICE_AUTHORIZATION_CONFIG - unused field?
# AuthorizationManagerHelper Constructor - comment _Flip to the newly parsed permissions_ looks out of place. Since the flip occurs when the helper object is replaced by the caller. Perhaps move the comment to {{DefaultAuthorizationManager#refreshWithLoadedConfiguration}}.
# Any updates required to the _Service Level Authorization Guide_?
# Also can you please fix the coding style. There are a few missing spaces. e.g. {{AccessControlList blockedAcl =getAccessControlList(}} and {{(ServiceAuthorizationManager)serviceAuthorizationManager}}.
I assume you have tested these changes at eBay deployments. [~wheat9], do you have any comments before I commit?
was (Author: arpitagarwal):
Hi [~benoyantony], thanks for this refactoring. It will be good to have uniform authorization.
+1 with a few nitpicks:
# AuthorizationManagerHelper#SERVICE_AUTHORIZATION_CONFIG - unused field?
# AuthorizationManagerHelper Constructor - comment _Flip to the newly parsed permissions_ looks out of place. Since the flip occurs when the helper object is replaced by the caller. Perhaps move the comment to {{DefaultAuthorizationManager#refreshWithLoadedConfiguration}}.
# Any updates required to the _Service Level Authorization Guide_?
I assume you have tested these changes at eBay deployments. [~wheat9], do you have any comments before I commit?
> Refactor Service Authorization Framework
> ----------------------------------------
>
> Key: HADOOP-12203
> URL: https://issues.apache.org/jira/browse/HADOOP-12203
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-12203-001.patch, HADOOP-12203-002.patch
>
>
> Refactor Service Authorization Framework so that same framework can be used to authenticate requests for RPC and web resources.
> The _ServiceAuthorizationManager_ uses a Class object to identify the RPC protocol that the user is trying to access. While this works for an RPC protocol, it will not work in general.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)