[ https://issues.apache.org/jira/browse/HADOOP-16366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864291#comment-16864291 ]
Prabhu Joseph commented on HADOOP-16366: ---------------------------------------- Thanks [~eyang]. > Fix TimelineReaderServer ignores ProxyUserAuthenticationFilterInitializer > ------------------------------------------------------------------------- > > Key: HADOOP-16366 > URL: https://issues.apache.org/jira/browse/HADOOP-16366 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Affects Versions: 3.3.0 > Reporter: Prabhu Joseph > Assignee: Prabhu Joseph > Priority: Major > Fix For: 3.3.0 > > Attachments: HADOOP-16366-001.patch, HADOOP-16366-002.patch, > HADOOP-16366-003.patch > > > YARNUIV2 fails with "Request is a replay attack" when below settings > configured. > {code:java} > hadoop.security.authentication = kerberos > hadoop.http.authentication.type = kerberos > hadoop.http.filter.initializers = > org.apache.hadoop.security.AuthenticationFilterInitializer > yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled = false{code} > AuthenticationFilter is added twice by the Yarn UI2 Context causing the > issue. > {code:java} > 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil > (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter > Name:authentication, > className=org.apache.hadoop.security.authentication.server.AuthenticationFilter > 2019-06-12 11:59:43,900 INFO webapp.RMWebAppUtil > (RMWebAppUtil.java:addFiltersForUI2Context(483)) - UI2 context filter > Name:authentication, > className=org.apache.hadoop.security.authentication.server.AuthenticationFilter > {code} > > Another issue with {{TimelineReaderServer}} which ignores > {{ProxyUserAuthenticationFilterInitializer}} when > {{hadoop.http.filter.initializers}} is configured. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org