Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Accumulo, mail # dev - Re: AccumuloToken


+
John Vines 2013-01-28, 19:52
Copy link to this message
-
AccumuloToken
Eric Newton 2013-01-28, 15:18
I'm having some problems with AccumuloToken.  Christopher has already
brought it up in IRC, and I agree.  I'm putting it out on the list for a
more inclusive discussion.

I don't like exposing thrift as the serialization mechanism.  In
particular, this just hurts my eyes:

public interface AccumuloToken
<T extends TBase<?,?>, F extends TFieldIdEnum> extends TBase<T, F>,
Destroyable {
...
}

Is there some reason this is not just:

public interface AccumuloToken extends Writable, Destroyable {
...
}

I've switched this in my local development environment and it seems to work
just fine.

I don't like the class name.  Is there some reason why Accumulo isn't just
assumed and we call this Token or Credential, or even SecurityToken?

I don't like the rest of the code being littered with deprecation warnings.
 If we're not willing to switch the code over to The New Way, why should we
expect our users?

Are there not some security implications of dynamic class loading for
authorization when the class name is specified *by the remote caller*?

And I know a punched the Proxy in at the last second, but is there
something we should do with security to avoid changes to this new API?

-Eric
+
John Vines 2013-01-28, 17:13
+
Eric Newton 2013-01-28, 19:17
+
Christopher 2013-01-28, 20:14
+
John Vines 2013-01-28, 19:35
+
Keith Turner 2013-01-28, 18:23