Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
Description
HttpServer2#hasAdministratorAccess uses `hadoop.security.authorization` to detect whether HTTP is authenticated.
This is not correct, because enabling Kerberos and enabling HTTP SPNEGO are two separate steps. If Kerberos is enabled while HTTP SPNEGO is not, some links, such as "/logs", cannot be accessed, and the following error message is returned:
```
HTTP ERROR 403
Problem accessing /logs/. Reason:
User dr.who is unauthorized to access this page.
```
We should make sure HttpServletRequest#getAuthType is not null before we invoke HttpServer2#hasAdministratorAccess.
getAuthType gets the authorization scheme of this request.
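The decision described above, modelled as a stand-alone added example (not Hadoop's code and not the committed patch). The `Req` class, the `ADMINS` set, the method names and the sample users are hypothetical stand-ins, and the sample requests are constructed.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Stand-alone model of the access decision in this issue; not Hadoop code. */
public class AdminAccessModel {

    /** Hypothetical stand-in for the two HttpServletRequest values the check reads. */
    static final class Req {
        final String authType;   // null when no HTTP authentication filter handled the request
        final String remoteUser; // user name the request carries
        Req(String authType, String remoteUser) {
            this.authType = authType;
            this.remoteUser = remoteUser;
        }
    }

    /** Constructed admin ACL for the example. */
    static final Set<String> ADMINS = new HashSet<>(Arrays.asList("hdfs"));

    /** Reported behaviour: the configuration flag alone decides whether the ACL is enforced. */
    static boolean allowedBefore(boolean authorizationEnabled, Req r) {
        if (!authorizationEnabled) {
            return true;
        }
        return r.remoteUser != null && ADMINS.contains(r.remoteUser);
    }

    /** Proposed behaviour: consult the ACL only if the request was actually authenticated. */
    static boolean allowedAfter(boolean authorizationEnabled, Req r) {
        if (r.authType == null) {
            return true; // HTTP SPNEGO not configured, so there is no identity to check
        }
        return allowedBefore(authorizationEnabled, r);
    }

    public static void main(String[] args) {
        Req[] cases = {
            new Req(null, "dr.who"),      // Kerberos on, HTTP SPNEGO off (the reported case)
            new Req("kerberos", "hdfs"),  // authenticated admin
            new Req("kerberos", "alice"), // authenticated non-admin
        };
        for (Req r : cases) {
            System.out.printf("authType=%-8s user=%-6s before=%-5b after=%b%n",
                r.authType, r.remoteUser, allowedBefore(true, r), allowedAfter(true, r));
        }
    }
}
```

In this model the guarded check lets the unauthenticated `dr.who` request through, so with HTTP SPNEGO unconfigured the admin ACL no longer restricts `/logs`. Authenticated requests are still checked against the ACL.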
Issue Links
- breaks: HADOOP-14024 KMS JMX endpoint throws ClassNotFoundException (Resolved)
- is related to: HADOOP-13119 Add ability to secure log servlet using proxy users (Resolved)