Configuring Authorization Support in WASB
To
enable authorization support in WASB, set the following property in
core-site.xml
:
<property> <name>fs.azure.authorization</name> <value>true</value> </property>
The current implementation of authorization relies on the presence of an external
service that can enforce the authorization. The service is expected to be running on a URL
provided by the following configuration, which should also be set in
core-site.xml
:
<property> <name>fs.azure.authorization.remote.service.url</name> <value>{URL}</value> </property>
The remote service is expected to provide support for the following REST call:
{URL}/CHECK_AUTHORIZATION
An example request:
{URL}/CHECK_AUTHORIZATION?wasb_absolute_path=<absolute_path>&operation_type=<operation
type>&delegation_token=<delegation token>
The service is expected to return a response in JSON format:
{ "responseCode" : 0 or non-zero <int>, "responseMessage" : relevant message on failure <String>, "authorizationResult" : true/false <boolean> }