[
https://issues.apache.org/jira/browse/HADOOP-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13698641#comment-13698641
]
fang fang chen commented on HADOOP-9679:
----------------------------------------
Thanks Alejandro. Actually, I have overwritten getConfiguration(String
configPrefix, FilterConfig filterConfig), and am trying to testing whether
these properties can be passed to KerberosAuthenticationHandler.authenticate(..
, ..) part.
OK, for the usage inside hadoop, I agree this is not a bug. Because we always
assume user should have done UGI 'ensureInitialized()' before invoke
KerberosName and if user did not set this property, hadoop will use "DEFAULT"
as default value. So this is not an init thing for the design inside hadoop,
and I think it reasonable to provide a default value if user did not set it.
Then for the usage outside hadoop, this is an init thing. As user need to set
kerberos.name.rules before using hadoop-auth to add kerberos support to a web
servlet. If things is like this, then I think at least it's better to remind
user to set this property if user did not than just print out a
"NullPointerException".
Actually, both are OK for me to add this property at web servlet side or
hadoop-auth provide a dafult value in hadoop side. I just want to make this
usage of hadoop-auth to be more smarter and simple.
Again, as I mentioned in my previous comment. I think the usage of hadoop
kerberos authentication can be expanded. At least, maybe we can provide user a
document to show that how to add kerberos support via hadoop-auth classes.
> KerberosName.rules are not initialized during adding kerberos support to a
> web servlet using hadoop authentications
> -------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9679
> URL: https://issues.apache.org/jira/browse/HADOOP-9679
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 1.1.1, 2.0.4-alpha
> Reporter: fang fang chen
> Fix For: 2.1.0-beta
>
> Attachments: HADOOP-9679.patch
>
>
> I am using hadoop-1.1.1 to add kerberos authentication to a web service. But
> found rules are not initialized, that makes following error happened:
> java.lang.NullPointerException
> at
> org.apache.hadoop.security.KerberosName.getShortName(KerberosName.java:384)
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:328)
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:302)
> at
> java.security.AccessController.doPrivileged(AccessController.java:310)
> at javax.security.auth.Subject.doAs(Subject.java:573)
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:302)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:340)
> Seems in hadoop-2.0.4-alpha branch, this issue still is still there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
