[HBASE-17099] Is there a plan to support auth connection by username/password like mysql or redis - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Brainstorming
Status: Resolved
Priority: Trivial
Resolution: Invalid
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:
None

Description

Product managers ask our hbase cluster to support auth connection by username/password.

  private boolean authorizeConnection() throws IOException {
      try {
        // If auth method is DIGEST, the token was obtained by the
        // real user for the effective user, therefore not required to
        // authorize real user. doAs is allowed only for simple or kerberos
        // authentication
        if (user != null && user.getRealUser() != null
            && (authMethod != AuthMethod.DIGEST)) {
          ProxyUsers.authorize(user, this.getHostAddress(), conf);
        }
        authorize(user, connectionHeader, getHostInetAddress());
        metrics.authorizationSuccess();
      } catch (AuthorizationException ae) {
        if (LOG.isDebugEnabled()) {
          LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);
        }
        metrics.authorizationFailure();
        setupResponse(authFailedResponse, authFailedCall,
          new AccessDeniedException(ae), ae.getMessage());
        responder.doRespond(authFailedCall);
        return false;
      }
      return true;
    }

Whether can add a connectionAuthorrizer in method authorizeConnection of class RpcServer to auth connection by init the handler from conf.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: liubangchen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Nov/16 13:00

Updated:: 25/Oct/22 08:54

Resolved:: 31/May/17 12:58