[ 
https://issues.apache.org/jira/browse/HDFS-14525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16852267#comment-16852267
 ] 

Prabhu Joseph commented on HDFS-14525:
--------------------------------------

bq. You actually want a secure cluster to accept anonymous users?  Why do you 
even have security enabled?

Then why do we have a separate config 
hadoop.http.authentication.simple.anonymous.allowed, which adds complexity in 
testing all the scenarios while making new changes?

Yes, the proposed change is wrong. I think the below will work.

{code}
 UserGroupInformation.isSecurityEnabled() && 
!conf.get("hadoop.http.authentication.type").equals("simple") 
{code}





> JspHelper ignores hadoop.http.authentication.type
> -------------------------------------------------
>
>                 Key: HDFS-14525
>                 URL: https://issues.apache.org/jira/browse/HDFS-14525
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: webhdfs
>    Affects Versions: 3.2.0
>            Reporter: Prabhu Joseph
>            Priority: Major
>
> On Secure Cluster With hadoop.http.authentication.type simple and 
> hadoop.http.authentication.anonymous.allowed is true, WebHdfs Rest Api fails 
> when user.name is not set. It runs fine if user.name=ambari-qa is set.
> {code}
> [knox@pjosephdocker-1 ~]$ curl -sS -L -w '%{http_code}' -X GET -d '' -H 
> 'Content-Length: 0' --negotiate -u : 
> 'http://pjosephdocker-1.openstacklocal:50070/webhdfs/v1/services/sync/yarn-ats?op=GETFILESTATUS'
> {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed
>  to obtain user group information: java.io.IOException: Security enabled but 
> user not authenticated by filter"}}403[knox@pjosephdocker-1 ~]$ 
> {code}
> JspHelper#getUGI checks UserGroupInformation.isSecurityEnabled() instead of 
> conf.get(hadoop.http.authentication.type).equals("kerberos") to check if Http 
> is Secure causing the issue.
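
The two checks discussed in this thread, compared on the reported configuration (security enabled, hadoop.http.authentication.type=simple). This is an added example, not code from JspHelper or the Hadoop project; it uses no Hadoop classes, and the class name, method names, the filter behaviour and the fallback to a default web user are assumptions of this model.

```java
import java.util.Arrays;

/** Constructed model of the check discussed in HDFS-14525; no Hadoop classes are used. */
public class HttpAuthCheckModel {

    /** Check described in the issue: only the cluster-wide security flag decides. */
    static boolean currentCheck(boolean securityEnabled, String httpAuthType) {
        return securityEnabled;
    }

    /** Check proposed in the comment: the HTTP auth type must also not be "simple". */
    static boolean proposedCheck(boolean securityEnabled, String httpAuthType) {
        return securityEnabled && !"simple".equals(httpAuthType);
    }

    /**
     * Assumption: the "simple" filter reports user.name as the remote user and
     * reports no remote user for an anonymous request.
     */
    static String remoteUserFromSimpleFilter(String userNameParam) {
        return userNameParam;
    }

    /** Returns how the request ends, given whether an authenticated user is required. */
    static String outcome(boolean requireAuthenticatedUser, String remoteUser) {
        if (remoteUser != null) {
            return "accepted as " + remoteUser;
        }
        if (requireAuthenticatedUser) {
            // Message quoted in the issue description.
            return "403: Security enabled but user not authenticated by filter";
        }
        // Assumption: the model falls back to a default web user here.
        return "accepted as the default (anonymous) web user";
    }

    public static void main(String[] args) {
        boolean securityEnabled = true;   // secure cluster, as in the report
        String httpAuthType = "simple";   // hadoop.http.authentication.type
        for (String userName : Arrays.asList(null, "ambari-qa")) {
            String remoteUser = remoteUserFromSimpleFilter(userName);
            System.out.printf("user.name=%s%n  current : %s%n  proposed: %s%n",
                userName,
                outcome(currentCheck(securityEnabled, httpAuthType), remoteUser),
                outcome(proposedCheck(securityEnabled, httpAuthType), remoteUser));
        }
    }
}
```

In this model the only row that changes is the request without user.name: it goes from the 403 in the report to being accepted with no authenticated identity, which is the case the quoted question at the top of the comment is about.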


