[HDFS-14525] JspHelper ignores hadoop.http.authentication.type - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: 3.2.0
Fix Version/s: None
Component/s: webhdfs
Labels:
None

Description

On Secure Cluster With hadoop.http.authentication.type simple and hadoop.http.authentication.anonymous.allowed is true, WebHdfs Rest Api fails when user.name is not set. It runs fine if user.name=ambari-qa is set..


[knox@pjosephdocker-1 ~]$ curl -sS -L -w '%{http_code}' -X GET -d '' -H 'Content-Length: 0' --negotiate -u : 'http://pjosephdocker-1.openstacklocal:50070/webhdfs/v1/services/sync/yarn-ats?op=GETFILESTATUS'
{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Security enabled but user not authenticated by filter"}}403[knox@pjosephdocker-1 ~]$

JspHelper#getUGI checks UserGroupInformation.isSecurityEnabled() instead of conf.get(hadoop.http.authentication.type).equals("kerberos") to check if Http is Secure causing the issue.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned

Reporter:: Prabhu Joseph

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 30/May/19 21:47

Updated:: 22/Apr/21 09:52

Resolved:: 03/Jun/19 09:18

Agile

View on Board

JspHelper ignores hadoop.http.authentication.type