[ 
https://issues.apache.org/jira/browse/FLINK-21108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17280218#comment-17280218
 ] 

Xiaoguang Sun edited comment on FLINK-21108 at 2/6/21, 3:25 PM:
----------------------------------------------------------------

Without extra modules installed, both nginx and HAProxy only support [The 'Basic' 
HTTP Authentication Scheme|https://tools.ietf.org/html/rfc7617]. Therefore we 
can start with basic auth at the beginning and support other schemes later on.

Adding these config options will be good enough for basic auth and leaves it 
open to implement more authentication schemes in the future, digest for example.

rest.auth.basic.realm: auth realm
rest.auth.basic.username: user
rest.auth.basic.password: pass

The implementation for basic auth is pretty simple and straightforward. Simply 
encoding the credentials and sending them with the Authorization header will be 
sufficient. To make it behave as the standard expects, we can resend the request 
with credentials only when there is an authentication challenge in the response.


was (Author: xexplorer):
Without extra modules installed, both nginx and HAProxy only support [The 'Basic' 
HTTP Authentication Scheme|https://tools.ietf.org/html/rfc7617]. Therefore we 
can start with basic auth at the beginning.

Adding these config options will be good enough for basic auth and leaves it 
open to implement more authentication schemes in the future, digest for example.

rest.auth.basic.realm: auth realm
rest.auth.basic.username: user
rest.auth.basic.password: pass

The implementation for basic auth is pretty simple and straightforward. Simply 
encoding the credentials and sending them with the Authorization header will be 
sufficient. To make it behave as the standard expects, we can resend the request 
with credentials only when there is an authentication challenge in the response.

> Flink runtime rest server and history server webmonitor do not require 
> authentication.
> --------------------------------------------------------------------------------------
>
>                 Key: FLINK-21108
>                 URL: https://issues.apache.org/jira/browse/FLINK-21108
>             Project: Flink
>          Issue Type: New Feature
>          Components: Runtime / REST, Runtime / Web Frontend
>            Reporter: Xiaoguang Sun
>            Assignee: Xiaoguang Sun
>            Priority: Major
>              Labels: pull-request-available
>
> Flink runtime rest server and history server webmonitor do not require 
> authentication. In certain scenarios, prohibiting unauthorized access is 
> desired. HTTP basic authentication can be used here.



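The challenge-then-retry flow described in the comment above, as an added example that is not part of the original comment or of Flink's code. The realm, username and password are constructed stand-ins for the proposed rest.auth.basic.* options, and `server` and `client` are hypothetical helpers that model the two sides of the RFC 7617 exchange without a network.

```python
import base64, binascii, hmac

# Constructed sample values standing in for the rest.auth.basic.* options.
REALM, USERNAME, PASSWORD = "flink-rest", "user", "pass"

def encode_basic(username, password):
    """RFC 7617 credentials: 'Basic ' + base64(user-id ':' password)."""
    if ":" in username:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    # Base64 is an encoding, not encryption: the header is only safe over TLS.
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def check_basic(header):
    """Server side: True only for a well-formed header with matching credentials."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False  # malformed input is rejected, never raised to the caller
    user, sep, pwd = decoded.partition(":")  # password may itself contain ':'
    # compare_digest avoids leaking the mismatch position through timing.
    ok_user = hmac.compare_digest(user.encode(), USERNAME.encode())
    ok_pwd = hmac.compare_digest(pwd.encode(), PASSWORD.encode())
    return bool(sep) and ok_user and ok_pwd

def server(headers):
    """Hypothetical handler: returns (status, response_headers)."""
    if check_basic(headers.get("Authorization")):
        return 200, {}
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}

def client(send, username, password):
    """Send without credentials first; retry once only on a Basic challenge."""
    trace = []
    status, resp = send({})
    trace.append(status)
    challenge = resp.get("WWW-Authenticate", "")
    if status == 401 and challenge.lower().startswith("basic"):
        status, resp = send({"Authorization": encode_basic(username, password)})
        trace.append(status)
    return trace  # list of status codes seen, in order
```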