[FALCON-1027] Falcon REST API trusted proxy support - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7
Fix Version/s: 0.8
Component/s: None
Labels:
None

Description

In order for Falcon REST API to work securely via the Knox gateway it must be possible to setup a trust relationship between Knox and Falcon. This is commonly done in other Hadoop ecosystem components using a combination of Kerberos/SPNego and a doas URL query parameter. This provides a mechanism for Falcon to strongly authenticate Knox as a trusted proxy, ensuring that it can trust the identity assertions made via the doas query parameter. The links below provide some information describing how this is done for core Hadoop. Also note that most components utilize Hadoop core's reusable hadoop-auth module to implement this functionality.
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ApacheFalcon-Proxyusersupport.pdf
22/Jul/15 18:50
84 kB
Sowmya Ramesh
FALCON-1027.v0.patch
25/Aug/15 20:57
187 kB
Sowmya Ramesh
FALCON-1027.v1.patch
27/Aug/15 18:14
187 kB
Sowmya Ramesh
FALCON-1027.v2.patch
31/Aug/15 17:54
186 kB
Sowmya Ramesh
FALCON-1027.V3.patch
15/Sep/15 00:39
181 kB
Sowmya Ramesh

Issue Links

contains

FALCON-1418 Update Rest API twiki for proxy support

Resolved

links to

RB Link

Sub-Tasks

There are no Sub-Tasks for this issue.

Activity

People

Assignee:: Sowmya Ramesh

Reporter:: kenneth ho

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 15/Feb/15 21:06

Updated:: 08/Feb/16 19:04

Resolved:: 15/Sep/15 01:47