On Fri, Feb 7, 2014 at 6:50 PM, Pritchard, Charles X. -ND <
charles.x.pritchard....@disney.com> wrote:

> I’d like to be able to use the client CN in subsequent
> configuration/routing parameters.
> The bulk of the Flume config (e.g. selectors, sinks) works with event
> headers.
>

Does it need to be the client CN? Can it be the client hostname? If so, why
not just add that info to the event on the client side or with a hostname
interceptor on the previous hop?


> At the point the event is submitted, we’ve confirmed that the cert is
> valid and we can add a timestamp [if really really needed] via interceptor.
> This is meant to be client-facing — that is, the client is connecting to
> AvroSource using an SSL cert.
>

I don't think I fully understand why you're doing it this way, but I guess
you're saying you want to mark the event as having been accepted from a
validated source, and you want to identify that source.

Another way to do this is to have the client mark his event with some
source header, and have an interceptor that marks that the event made it
through the source with some tag. Do you think that would be sufficient?

I see what you're saying about the responder though... because it's an Avro
thing, you might have to modify Avro code to get to the SSL context. Might
be tricky. I haven't spent a lot of time on this but maybe you could write
a responder that hands off the request to the avro responder after doing
whatever it needs to do. I see what you're saying though, because of the
way the Avro proxy stuff works, it goes through a bunch of funky
reflection, etc. That makes it hard to get back out once you go in, if you
know what I'm saying.

> If I do understand what you’re saying: any other servers in a distributed
> flow are not going to be looking at the client SSL cert, of course,
> wouldn’t make any sense.
> Most of them aren’t using SSL either, as it’s within a trusted network at
> that point.
>

Yeah, that was my point. :)

Mike


>
>
> -Charles
>
> On Feb 7, 2014, at 6:33 PM, Mike Percy <mpe...@apache.org> wrote:
>
> On Fri, Feb 7, 2014 at 5:15 PM, Pritchard, Charles X. -ND <
> charles.x.pritchard....@disney.com> wrote:
>>
>> I’m finding it a challenge to see where in the AvroSource class I could
>> actually push the data into Event headers.
>> All of those methods are stateless when it comes to the connection — they
>> have no access to ChannelHandlerContext.
>>
>
> Hmm, ok that's what I didn't understand. You want the event header to
> contain the client CN? If so, why? Events are persistent data units that
> may live long after a single connection in a multi-hop distributed flow.
>
> Mike
>
>
>
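Added example, not part of the original thread: a Flume agent configuration sketching the alternative suggested in the reply above, where the client sets a source header and an interceptor on the SSL-enabled Avro source tags every event that passed through it. The agent, component, header and channel names, the port and the keystore path are all assumptions. Unlike a certificate CN, the client-set header is not bound to the TLS identity, so it is used here only as a routing hint.

```properties
# Added example. Names (a1, avroIn, tagAccepted, accepted-by, client-source,
# chTeamA, chDefault), port and keystore path are assumptions, not from the thread.
a1.sources = avroIn
a1.channels = chTeamA chDefault
a1.sinks = skTeamA skDefault

# Client-facing Avro source with SSL enabled.
a1.sources.avroIn.type = avro
a1.sources.avroIn.bind = 0.0.0.0
a1.sources.avroIn.port = 4141
a1.sources.avroIn.ssl = true
a1.sources.avroIn.keystore = /path/to/keystore.jks
# Placeholder value; supply the real password at deployment time.
a1.sources.avroIn.keystore-password = CHANGE_ME
a1.sources.avroIn.channels = chTeamA chDefault

# Static interceptor: stamps every event accepted by this source.
# preserveExisting = false overwrites any value a client placed in the
# same header, so the tag cannot be pre-set by the sender.
a1.sources.avroIn.interceptors = tagAccepted
a1.sources.avroIn.interceptors.tagAccepted.type = static
a1.sources.avroIn.interceptors.tagAccepted.key = accepted-by
a1.sources.avroIn.interceptors.tagAccepted.value = edge-avro-ssl
a1.sources.avroIn.interceptors.tagAccepted.preserveExisting = false

# Route on the header the client set on its own events. This value is
# client-supplied and unauthenticated; unknown values fall to the default.
a1.sources.avroIn.selector.type = multiplexing
a1.sources.avroIn.selector.header = client-source
a1.sources.avroIn.selector.mapping.team-a = chTeamA
a1.sources.avroIn.selector.default = chDefault

a1.channels.chTeamA.type = memory
a1.channels.chDefault.type = memory

# Logger sinks stand in for the real downstream hops.
a1.sinks.skTeamA.type = logger
a1.sinks.skTeamA.channel = chTeamA
a1.sinks.skDefault.type = logger
a1.sinks.skDefault.channel = chDefault
```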
