[jira] [Commented] (HDFS-14609) RBF: Security should use common AuthenticationFilter

Mon, 01 Jul 2019 14:21:15 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-14609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16876513#comment-16876513
 ] 

CR Hota commented on HDFS-14609:
--------------------------------

[Eric Yang|http://jira/secure/ViewProfile.jspa?name=eyang] Thanks for the 
detailed explanation. Apologies for a delayed response.

For TestRouterWithSecureStartup#testStartupWithoutSpnegoPrincipal

Since the test was fine earlier, we will just remove the test as it wont make 
such sense now considering the generic 
hadoop.http.authentication.kerberos.principal is to be used to grab the spnego 
principal. In any case, it's still unclear to me why this was working just fine 
earlier with same version of AbstractService. This would need some more digging.

For TestRouterHttpDelegationToken

We wanted to make sure for webhdfs, some tests were done to see if tokens could 
be generated by router's security manager. This was NOT intended to do a E2E 
security test. Again router works just fine as it inherits namenode 
implementation, but we may need to modify the test to inject an appropriate no 
auth filter and bypass auth to maintain the rationale behind the test.

[~tasanuma] Do you have any cycles to help with this? Will be out of office 
soon, but I will be happy to help review and guide you. Feel free to assign 
this to yourself if you work.

 

> RBF: Security should use common AuthenticationFilter
> ----------------------------------------------------
>
>                 Key: HDFS-14609
>                 URL: https://issues.apache.org/jira/browse/HDFS-14609
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: CR Hota
>            Assignee: CR Hota
>            Priority: Major
>
> We worked on router based federation security as part of HDFS-13532. We kept 
> it compatible with the way namenode works. However with HADOOP-16314 and 
> HDFS-16354 in trunk, auth filters seems to have been changed causing tests to 
> fail.
> Changes are needed appropriately in RBF, mainly fixing broken tests.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to