[ https://issues.apache.org/jira/browse/HADOOP-10596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13996109#comment-13996109 ]

Zhijie Shen commented on HADOOP-10596:
--------------------------------------

bq. For example, secret file is an implementation of the filter, it should not 
be exposed in HttpServer2

Right, it's the config of the filter. However, we already live with a similar 
thing in the current HttpServer2. See:

{code}
 params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
{code}

bq. Under what circumstances do you only want parts of the HttpServer to be 
authenticated?

I'm not sure I understand your question here. I think the existing code cannot 
protect the web since it doesn't apply the filter to any URLs. I changed it to 
protect all URLs, as I think once the authentication is enabled, all the web 
resources should be secured. Please let me know if it is not the case.

> HttpServer2 should apply the authentication filter to some urls instead of 
> null
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-10596
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10596
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: HADOOP-10596.1.patch
>
>
> HttpServer2 should apply the authentication filter to some urls instead of 
> null. In addition, it should be more flexible for users to configure SPNEGO.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
