[
https://issues.apache.org/jira/browse/HBASE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15902349#comment-15902349
]
Jerry He commented on HBASE-17701:
----------------------------------
Hi, [~panyuxuan]
I see what you try to accomplish. But it is not necessary to pull in
HadoopAuthFilterInitializer and to use the hadoop.http.authentication.*
properties.
HBASE-5291's implementation is consistent with the hadoop htttp way since it
uses the hadoop AuthenticationFilter. The thing is that the parameter to
AuthenticationFilter is hard set to 'kerberos' if the hbase ui security in on.
hadoop AuthenticationFilter is designed to be more flexible in the sense that
it can accept other AuthenticationHandler implementation, i.e. custom
authentication class name.
[Here|https://hadoop.apache.org/docs/r2.7.2/hadoop-auth/Configuration.html].
You should be able to provide a patch that improves and make the current
implementation flexible instead of entirely pulling in
HadoopAuthFilterInitializer.
> Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for
> hbase web ui
> ----------------------------------------------------------------------------------------
>
> Key: HBASE-17701
> URL: https://issues.apache.org/jira/browse/HBASE-17701
> Project: HBase
> Issue Type: Improvement
> Components: UI
> Affects Versions: 1.2.4
> Reporter: Pan Yuxuan
> Attachments: HBASE-17701.v1.patch
>
>
> The HBase web UI is none secure by default, there is only one
> StaticUserWebFilter for a fake user.
> For Hadoop, we already have AuthenticationFilter for web authentication based
> on token or kerberos. So I think hbase can reuse the hadoop-auth
> AuthenticationFilter by adding a HadoopAuthFilterInitializer.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
