[
https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14381392#comment-14381392
]
Kai Zheng commented on HADOOP-10670:
------------------------------------
Thanks for your helpful information. You're right there can be problem
introduced by this work. The work here assumes if the property
{{hadoop.http.authentication.signature.secret.file}} is set, then the file
should be there, and it will attempt to read the file. If the file isn't there,
it will report the exception as you attached. Maybe we can have more check, not
only checking the property, but also checking the file should be there
available for reading ? Kinds of little awkward, but should fix the problem.
Another clean approach is we could avoid having the default property value ?
> Allow AuthenticationFilters to load secret from signature secret files
> ----------------------------------------------------------------------
>
> Key: HADOOP-10670
> URL: https://issues.apache.org/jira/browse/HADOOP-10670
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Priority: Minor
> Fix For: 2.7.0
>
> Attachments: HADOOP-10670-v4.patch, HADOOP-10670-v5.patch,
> HADOOP-10670-v6.patch, hadoop-10670-v2.patch, hadoop-10670-v3.patch,
> hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed
> to configure AuthenticationFilter for the required signature secret by
> specifying signature.secret.file property. This improvement would also allow
> this when AuthenticationFilterInitializer isn't used in situations like
> webhdfs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
