Description
Search before asking
- I had searched in the issues and found no similar issues.
Description
Currently, doris supports access to fe / be only through http protocol, not https protocol. In addition, http does not perform interface authentication, which may cause security problems.
Solution
Add http interface authentication and support https for doris, eliminate potential security risks and strengthen enterprise-level security support.
Support https protocol and interface authentication
The current SpringBoot version is 2.7.8, and the corresponding jetty version is jetty9. When the redirection from http to https is implemented through configuration, default redirection code is 303. For GET requests, the redirection code is not affected, but for POST and PUT requests, The 303 redirection will directly discard the request body, resulting in empty subsequent data. Take StreamLoadAction as an example, after redirection, the amount of imported data is always 0.
According to the investigation, the redirection code can be configured only when jetty11 or later, and its JDK version requires 17 or later, while the current JDK version of doris is 8, which does not meet the requirements.
There are two solutions:
- Implement jetty's SecuredRedirectHandler class to configure the redirection code. However, after adding SecuredRedirectHandler to the server, SpringBoot fails to start and lacks context information. we neet to upgrade SpringSoot, and the requirements for JDK version are too high.
- Configure the redirection mode for GET requests and customize the redirection mode for POST and PUT requests by manually setting redirection url and redirection code.
So I finally choose to use the second way to achieve.
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct]
Activity