[HDFS-4542] Webhdfs doesn't support secure proxy users - ASF JIRA

Details

Type: Sub-task
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 0.23.0, 2.0.0-alpha, 3.0.0
Fix Version/s: 3.0.0, 0.23.7, 2.1.0-beta
Component/s: webhdfs
Labels:
None

Target Version/s:

3.0.0, 0.23.7, 2.1.0-beta

Description

Webhdfs doesn't ever send the DoAsParam in the REST calls for proxy users. Proxy users on a non-secure cluster "work" because the server sees them as the effective user, not a proxy user, which effectively bypasses the proxy authorization checks. On secure clusters, it doesn't work at all in part due to wrong ugi being used for the connection (~~HDFS-3367~~), but then it fails because the effective user tries to use a non-proxy token for the real user.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

HDFS-4542.patch

01/Mar/13 21:30

19 kB

Daryn Sharp
HDFS-4542.patch

04/Mar/13 16:55

19 kB

Daryn Sharp
HDFS-4542.branch-23.patch

04/Mar/13 15:18

19 kB

Daryn Sharp

Issue Links

depends upon

HADOOP-9352 Expose UGI.setLoginUser for tests

Closed

is required by

HDFS-3367 WebHDFS doesn't use the logged in user when opening connections

Resolved

relates to

HDFS-4560 Webhdfs cannot use tokens obtained by another user

Closed

Activity

People

Assignee:

Daryn Sharp

Reporter:

Daryn Sharp

Votes:

0 Vote for this issue

Watchers:

10 Start watching this issue

Dates

Created:

01/Mar/13 21:27

Updated:

27/Aug/13 23:08

Resolved:

05/Mar/13 20:23

Development

Agile

View on Board