[HDFS-4542] Webhdfs doesn't support secure proxy users - ASF JIRA

Details

Type: Sub-task
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 0.23.0, 2.0.0-alpha, 3.0.0-alpha1
Fix Version/s: 0.23.7, 2.1.0-beta
Component/s: webhdfs
Labels:
None

Target Version/s:

0.23.7, 2.1.0-beta

Description

Webhdfs doesn't ever send the DoAsParam in the REST calls for proxy users. Proxy users on a non-secure cluster "work" because the server sees them as the effective user, not a proxy user, which effectively bypasses the proxy authorization checks. On secure clusters, it doesn't work at all in part due to wrong ugi being used for the connection (~~HDFS-3367~~), but then it fails because the effective user tries to use a non-proxy token for the real user.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

HDFS-4542.patch
01/Mar/13 21:30
19 kB
Daryn Sharp
HDFS-4542.patch
04/Mar/13 16:55
19 kB
Daryn Sharp
HDFS-4542.branch-23.patch
04/Mar/13 15:18
19 kB
Daryn Sharp

Issue Links

depends upon

HADOOP-9352 Expose UGI.setLoginUser for tests

Closed

is required by

HDFS-3367 WebHDFS doesn't use the logged in user when opening connections

Resolved

relates to

HDFS-4560 Webhdfs cannot use tokens obtained by another user

Closed

Activity

People

Assignee:

Daryn Sharp

Reporter:

Daryn Sharp

Votes:

0 Vote for this issue

Watchers:

9 Start watching this issue

Dates

Created:

01/Mar/13 21:27

Updated:

12/May/16 18:14

Resolved:

05/Mar/13 20:23