Prabhu Joseph created HDFS-14525:
------------------------------------
Summary: JspHelper ignores hadoop.http.authentication.type
Key: HDFS-14525
URL: https://issues.apache.org/jira/browse/HDFS-14525
Project: Hadoop HDFS
Issue Type: Bug
Components: webhdfs
Affects Versions: 3.2.0
Reporter: Prabhu Joseph
On Secure Cluster With hadoop.http.authentication.type simple and
hadoop.http.authentication.anonymous.allowed is true, WebHdfs Rest Api fails
when user.name is not set. It runs fine if user.name=ambari-qa is set..
{code}
[knox@pjosephdocker-1 ~]$ curl -sS -L -w '%{http_code}' -X GET -d '' -H
'Content-Length: 0' --negotiate -u :
'http://pjosephdocker-1.openstacklocal:50070/webhdfs/v1/services/sync/yarn-ats?op=GETFILESTATUS'
{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed
to obtain user group information: java.io.IOException: Security enabled but
user not authenticated by filter"}}403[knox@pjosephdocker-1 ~]$
{code}
JspHelper#getUGI checks UserGroupInformation.isSecurityEnabled() instead of
conf.get(hadoop.http.authentication.type).equals("kerberos") to check if Http
is Secure causing the issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
