You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Arpit Agarwal (JIRA)" <ji...@apache.org> on 2015/11/20 23:35:11 UTC

[jira] [Comment Edited] (HADOOP-12203) Refactor Service Authorization Framework

    [ https://issues.apache.org/jira/browse/HADOOP-12203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018940#comment-15018940 ] 

Arpit Agarwal edited comment on HADOOP-12203 at 11/20/15 10:35 PM:
-------------------------------------------------------------------

Hi [~benoyantony], thanks for this refactoring. It will be good to have uniform authorization.

+1 with a few nitpicks:
# AuthorizationManagerHelper#SERVICE_AUTHORIZATION_CONFIG - unused field?
# AuthorizationManagerHelper Constructor - comment _Flip to the newly parsed permissions_ looks out of place. Since the flip occurs when the helper object is replaced by the caller. Perhaps move the comment to {{DefaultAuthorizationManager#refreshWithLoadedConfiguration}}.
# Any updates required to the _Service Level Authorization Guide_?
# Also can you please fix the coding style. There are a few missing spaces. e.g. {{AccessControlList blockedAcl =getAccessControlList(}} and {{(ServiceAuthorizationManager)serviceAuthorizationManager}}.

I assume you have tested these changes at eBay deployments. [~wheat9], do you have any comments before I commit?


was (Author: arpitagarwal):
Hi [~benoyantony], thanks for this refactoring. It will be good to have uniform authorization.

+1 with a few nitpicks:
# AuthorizationManagerHelper#SERVICE_AUTHORIZATION_CONFIG - unused field?
# AuthorizationManagerHelper Constructor - comment _Flip to the newly parsed permissions_ looks out of place. Since the flip occurs when the helper object is replaced by the caller. Perhaps move the comment to {{DefaultAuthorizationManager#refreshWithLoadedConfiguration}}.
# Any updates required to the _Service Level Authorization Guide_?

I assume you have tested these changes at eBay deployments. [~wheat9], do you have any comments before I commit?

> Refactor Service Authorization Framework
> ----------------------------------------
>
>                 Key: HADOOP-12203
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12203
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HADOOP-12203-001.patch, HADOOP-12203-002.patch
>
>
> Refactor Service Authorization Framework so that same framework can be used to authenticate requests for RPC and web resources.
> The _ServiceAuthorizationManager_ uses a Class object to identify the RPC protocol that the user is trying to access. While this works for an RPC protocol, it will not work in general.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)