Hello All,
We have configured Ranger plugin for Storm authorization and its kerberos
cluster.
We have disabled by HTTP authentication, by changing the configuration
ui.filter as null
We can able to view the UI, but if we send any request request like
getTopology, its failing (as the user is considered as null)
*Curl Output :*
HTTP/1.1 500 Server Error
Date: Thu, 11 Jan 2018 21:42:45 GMT
Cache-Control: no-cache, no-store
Content-Type: application/json;charset=utf-8
Content-Length: 5459
Server: Jetty(7.x.y-SNAPSHOT)
{"error":"Internal Server
Error","errorMessage":"AuthorizationException(msg:UI request 'getTopology'
for 'unknown' user is not authorized)\n\tat
org.apache.storm.ui.core$assert_authorized_user.invoke(core.clj:109)\n\tat
org.apache.storm.ui.core$fn__10090.invoke(core.clj:1060)
*Storm Log :*
2018-01-12 08:42:45.723 o.a.r.a.s.a.RangerStormAuthorizer qtp192318053-37
[INFO] NULL User found from principal [null]: Skipping authorization;
allowedFlag => [false], Audit Enabled:false
2018-01-12 08:42:45.723 o.a.r.a.s.a.RangerStormAuthorizer qtp192318053-37
[DEBUG] [req 4] Access from: [null] user: [null], op:
[getTopology],topology: [crowdstrike] => returns [false], Audit
Enabled:false
2018-01-12 08:42:45.723 o.a.r.p.c.RangerPluginClassLoader qtp192318053-37
[DEBUG] ==> RangerPluginClassLoader.deactivate()
2018-01-12 08:42:45.723 o.a.r.p.c.RangerPluginClassLoader qtp192318053-37
[DEBUG] <== RangerPluginClassLoader.deactivate()
2018-01-12 08:42:45.723 o.a.r.a.s.a.RangerStormAuthorizer qtp192318053-37
[DEBUG] <== RangerStormAuthorizer.permit()
2018-01-12 08:42:45.724 o.a.s.s.o.e.j.s.Server qtp192318053-37 [DEBUG]
RESPONSE /api/v1/topology/crowdstrike-2-1508896804 500 handled=true
If we configure ui.filter:
"org.apache.hadoop.security.authentication.server.AuthenticationFilter"
The curl output is as expected, we dont get any authorization failure.
We want to disable UI authentication.
Are we doing any mistake over here, is there anyway to avoid this issue,
please suggest, thanks
Regards,
Prakash R
