  1. Hadoop Common
  2. HADOOP-13707

If Kerberos is enabled while HTTP SPNEGO is not configured, some links cannot be accessed


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.8.0, 3.0.0-alpha2
    • None

    Description

      In HttpServer2#hasAdministratorAccess, it uses `hadoop.security.authorization` to detect whether HTTP is authenticated.
      It's not correct, because enabling Kerberos and HTTP SPNEGO are two steps. If Kerberos is enabled while HTTP SPNEGO is not, some links cannot be accessed, such as "/logs", and it will return an error message as below:

      HTTP ERROR 403
      Problem accessing /logs/. Reason:
      User dr.who is unauthorized to access this page.

      We should make sure HttpServletRequest#getAuthType is not null before we invoke HttpServer2#hasAdministratorAccess.

      getAuthType means to get the authorization scheme of this request.

      Attachments

        1. HADOOP-13707.001.patch
          2 kB
          Yuanbo Liu
        2. HADOOP-13707.002.patch
          7 kB
          Yuanbo Liu
        3. HADOOP-13707.003.patch
          11 kB
          Yuanbo Liu
        4. HADOOP-13707.004.patch
          11 kB
          Yuanbo Liu
        5. HADOOP-13707-branch-2.8.patch
          11 kB
          Yuanbo Liu
        6. HADOOP-13707-branch-2.patch
          12 kB
          Yuanbo Liu
        7. HADOOP-13707-branch-2-addendum.patch
          0.8 kB
          Brahma Reddy Battula
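
The decision described in the report, as an added example that is not code from the issue, its patches, or Hadoop: a dependency-free model of the check before and after the proposed `getAuthType` guard. The class `AdminAccessModel`, its `Req` stand-in for `HttpServletRequest`, the `ADMINS` set and the user names other than `dr.who` are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added illustration: a simplified model of the access decision, not Hadoop source.
public class AdminAccessModel {
    // Hypothetical stand-in for the two HttpServletRequest values the decision reads.
    static final class Req {
        final String authType;   // what getAuthType() would return; null = request not authenticated
        final String remoteUser; // what getRemoteUser() would return
        Req(String authType, String remoteUser) {
            this.authType = authType;
            this.remoteUser = remoteUser;
        }
    }

    // Constructed admin ACL for the example.
    static final Set<String> ADMINS = new HashSet<>(Arrays.asList("hdfs"));

    // Behaviour described in the report: the hadoop.security.authorization flag
    // alone decides whether the caller's name is checked against the ACL.
    static boolean allowedBefore(boolean authorizationEnabled, Req r) {
        if (!authorizationEnabled) {
            return true;
        }
        return r.remoteUser != null && ADMINS.contains(r.remoteUser);
    }

    // Proposed behaviour: consult the ACL only when the request was actually
    // authenticated over HTTP, i.e. getAuthType() is not null.
    static boolean allowedAfter(boolean authorizationEnabled, Req r) {
        if (r.authType == null) {
            return true; // no HTTP authentication in place, so no identity to authorize
        }
        return allowedBefore(authorizationEnabled, r);
    }

    public static void main(String[] args) {
        Req noSpnego = new Req(null, "dr.who");         // Kerberos on, SPNEGO off (user name from the report)
        Req spnegoAdmin = new Req("kerberos", "hdfs");  // constructed: authenticated admin
        Req spnegoUser = new Req("kerberos", "alice");  // constructed: authenticated non-admin
        System.out.println("before, no SPNEGO : " + allowedBefore(true, noSpnego));
        System.out.println("after,  no SPNEGO : " + allowedAfter(true, noSpnego));
        System.out.println("after,  admin     : " + allowedAfter(true, spnegoAdmin));
        System.out.println("after,  non-admin : " + allowedAfter(true, spnegoUser));
    }
}
```

In this model the guard means that, with SPNEGO off, pages such as `/logs` are served without any identity check, so a deployment that needs them restricted has to configure HTTP authentication rather than rely on `hadoop.security.authorization`.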

            People

              yuanbo Yuanbo Liu
              yuanbo Yuanbo Liu