[
https://issues.apache.org/jira/browse/HBASE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15898990#comment-15898990
]
Pan Yuxuan commented on HBASE-17701:
------------------------------------
[~elserj]
Hadoop has a Pseudo/Simple authentication, we can use a query string parameter,
e.g. http://localhost:8088/cluster?user.name=babu.
(http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/HttpAuthentication.html)
Then a token with username babu will be generated and be stored as a cookie in
the browser that means the request has been authenticated.
The authentication is simple, but sometimes we don't want to use kerberos for
web ui and want use some easier ways for web ui authentication.
Maybe just add a HadoopAuthFilterInitializer is not enouth. If we want to add a
web filter, we must add a new class which extends the
org.apache.hadoop.hbase.http.FilterInitializer.
I want to do some works, make HBase support some third party web filters which
just implement the javax.servlet.Filter interface and not extend the
org.apache.hadoop.hbase.http.FilterInitializer.
> Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for
> hbase web ui
> ----------------------------------------------------------------------------------------
>
> Key: HBASE-17701
> URL: https://issues.apache.org/jira/browse/HBASE-17701
> Project: HBase
> Issue Type: Improvement
> Components: UI
> Affects Versions: 1.2.4
> Reporter: Pan Yuxuan
> Attachments: HBASE-17701.v1.patch
>
>
> The HBase web UI is none secure by default, there is only one
> StaticUserWebFilter for a fake user.
> For Hadoop, we already have AuthenticationFilter for web authentication based
> on token or kerberos. So I think hbase can reuse the hadoop-auth
> AuthenticationFilter by adding a HadoopAuthFilterInitializer.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
