[
https://issues.apache.org/jira/browse/HDFS-14609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16910922#comment-16910922
]
Chen Zhang commented on HDFS-14609:
-----------------------------------
Thanks [~crh] for your comments.
{quote}It's not clear why hadoop-hdfs changes are needed in this context.
{quote}
HDFS-14434 ignores user.name query parameter in secure WebHDFS, but theĀ
PseudoAuthenticationHandler can still leverage this parameter to pass the
kerberos authentication, as you mentioned before:
{quote} we may need to modify the test to inject an appropriate no auth filter
and bypass auth to maintain the rationale behind the test
{quote}
If we want to bypass the kerberos authentication, we have to use the user.name
parameter, and now the only way we can do this is to send request through URL
directly, instead of through \{{WebHdfsFileSystem}}. So we have to do some work
to process request and response, I want to reuse the logic in
\{{WebHdfsFileSystem}}, but lots of interface can't be accessed out of package,
so I have to expose these interfaces through \{{WebHdfsTestUtil}}, that's why
we need to modify the hadoop-hdfs project.
Do you think it make sense?
> RBF: Security should use common AuthenticationFilter
> ----------------------------------------------------
>
> Key: HDFS-14609
> URL: https://issues.apache.org/jira/browse/HDFS-14609
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: CR Hota
> Assignee: Chen Zhang
> Priority: Major
> Attachments: HDFS-14609.001.patch, HDFS-14609.002.patch
>
>
> We worked on router based federation security as part of HDFS-13532. We kept
> it compatible with the way namenode works. However with HADOOP-16314 and
> HDFS-16354 in trunk, auth filters seems to have been changed causing tests to
> fail.
> Changes are needed appropriately in RBF, mainly fixing broken tests.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
