[
https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14381367#comment-14381367
]
Sangjin Lee commented on HADOOP-10670:
--------------------------------------
I believe this breaks the RM. Prior to this JIRA,
RMAuthenticationFilterInitializer threw an exception only if security was
enabled (see l.99):
{code}
95 } catch (IOException ex) {
96 // if running in non-secure mode, this filter only gets added
97 // because the user has not setup his own filter so just
generate
98 // a random secret. in secure mode, the user needs to setup
security
99 if (UserGroupInformation.isSecurityEnabled()) {
100 throw new RuntimeException(
101 "Could not read HTTP signature secret file: " +
signatureSecretFile);
102 }
103 } finally {
104 IOUtils.closeQuietly(reader);
105 }
{code}
Now it appears that this check has been removed.
> Allow AuthenticationFilters to load secret from signature secret files
> ----------------------------------------------------------------------
>
> Key: HADOOP-10670
> URL: https://issues.apache.org/jira/browse/HADOOP-10670
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Priority: Minor
> Fix For: 2.7.0
>
> Attachments: HADOOP-10670-v4.patch, HADOOP-10670-v5.patch,
> HADOOP-10670-v6.patch, hadoop-10670-v2.patch, hadoop-10670-v3.patch,
> hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed
> to configure AuthenticationFilter for the required signature secret by
> specifying signature.secret.file property. This improvement would also allow
> this when AuthenticationFilterInitializer isn't used in situations like
> webhdfs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
