You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Benoy Antony (JIRA)" <ji...@apache.org> on 2015/07/07 23:15:04 UTC

[jira] [Comment Edited] (HADOOP-12203) Refactor Service Authorization Framework

    [ https://issues.apache.org/jira/browse/HADOOP-12203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14617406#comment-14617406 ] 

Benoy Antony edited comment on HADOOP-12203 at 7/7/15 9:14 PM:
---------------------------------------------------------------

Please review HADOOP-10679 for more detailed requirements and design document.

As part of generalization, an interface _AuthorizationManager<T>_ is defined. _DefaultAuthorizationManager<T>_ implements
_AuthorizationManager<T>_. _ServiceAuthorizationManager_ extends _DefaultAuthorizationManager<Class?>_ and is used for
authorize RPC calls. 

The DefaultAuthorizationManager internally uses _AuthorizationManagerHelper<T>_. Most of the logic in original_ServiceAuthorizationManager_ is moved to_AuthorizationManagerHelper<T>_ .

The class diagram and sequence diagrams are in the design document in  HADOOP-10679.


was (Author: benoyantony):
Please review HADOOP-10679 for more detailed requirements and design document.

As part of generalization, an interface AuthorizationManager<T> is defined. DefaultAuthorizationManager<T> implements
AuthorizationManager<T>. ServiceAuthorizationManager extends DefaultAuthorizationManager<Class?> and is used for
authorize RPC calls.

> Refactor Service Authorization Framework
> ----------------------------------------
>
>                 Key: HADOOP-12203
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12203
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>
> Refactor Service Authorization Framework so that same framework can be used to authenticate requests for RPC and web resources.
> The _ServiceAuthorizationManager_ uses a Class object to identify the RPC protocol that the user is trying to access. While this works for an RPC protocol, it will not work in general.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)