Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-9760

WebHDFS AuthFilter cannot be configured with custom AltKerberos auth handler

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: webhdfs
    • Labels:
      None
    • Target Version/s:

      Description

      Currently the WebHDFS AuthFilter selects its authentication type based on a call to UserGroupInformation.isSecurityEnabled() with only two choices, KerberosAuthentication or PsuedoAuthentication. Thus there is no condition where the WebHDFS server can be configured with a custom AltKerberos authentication handler.

      Additionally, at the time the WebHDFS AuthFilter is initialized the method getAuthFilterParams(conf) is called in NameNodeHttpServer which picks and chooses a certain few configurations with the prefix 'dfs.web.authentication'. The issue is this method strips away the configuration that could set the authentication type AND additional configurations that are specific to the custom auth handler (using the prefix 'dfs.web.authentication.alt-kerberos').

      The consequence of this lack of configurability is that a user that makes authenticated access to the namenode web UI (through a custom authentication handler) will not be able to access the namenode file browser (because it is making ajax calls to WebHDFS that has a different authentication type).

        Activity

        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 19s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
        0 mvndep 0m 8s Maven dependency ordering for branch
        +1 mvninstall 7m 32s trunk passed
        +1 compile 0m 58s trunk passed with JDK v1.8.0_66
        +1 compile 0m 46s trunk passed with JDK v1.7.0_91
        +1 checkstyle 0m 20s trunk passed
        +1 mvnsite 0m 57s trunk passed
        +1 mvneclipse 0m 13s trunk passed
        +1 findbugs 2m 4s trunk passed
        +1 javadoc 1m 22s trunk passed with JDK v1.8.0_66
        +1 javadoc 2m 4s trunk passed with JDK v1.7.0_91
        0 mvndep 0m 8s Maven dependency ordering for patch
        +1 mvninstall 0m 52s the patch passed
        +1 compile 0m 55s the patch passed with JDK v1.8.0_66
        +1 javac 0m 55s the patch passed
        +1 compile 0m 45s the patch passed with JDK v1.7.0_91
        +1 javac 0m 45s the patch passed
        +1 checkstyle 0m 20s the patch passed
        +1 mvnsite 1m 1s the patch passed
        +1 mvneclipse 0m 14s the patch passed
        +1 whitespace 0m 0s Patch has no whitespace issues.
        +1 findbugs 2m 18s the patch passed
        +1 javadoc 1m 16s the patch passed with JDK v1.8.0_66
        +1 javadoc 1m 55s the patch passed with JDK v1.7.0_91
        -1 unit 95m 53s hadoop-hdfs in the patch failed with JDK v1.8.0_66.
        -1 unit 87m 38s hadoop-hdfs in the patch failed with JDK v1.7.0_91.
        +1 asflicense 0m 26s Patch does not generate ASF License warnings.
        212m 51s



        Reason Tests
        JDK v1.8.0_66 Failed junit tests hadoop.hdfs.server.datanode.TestBlockScanner
          hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency
          hadoop.hdfs.TestPersistBlocks
          hadoop.hdfs.server.blockmanagement.TestBlockManager
          hadoop.hdfs.server.datanode.TestDataNodeMetrics
          hadoop.hdfs.security.TestDelegationTokenForProxyUser
          hadoop.hdfs.TestFileAppend
          hadoop.hdfs.TestSafeModeWithStripedFile
          hadoop.hdfs.server.namenode.TestFileTruncate
          hadoop.hdfs.server.namenode.ha.TestRequestHedgingProxyProvider
        JDK v1.7.0_91 Failed junit tests hadoop.hdfs.server.datanode.TestBlockScanner
          hadoop.hdfs.server.datanode.TestDirectoryScanner



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:0ca8df7
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12786344/HDFS-9760.patch
        JIRA Issue HDFS-9760
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux e4f34354be4c 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / 1bcfab8
        Default Java 1.7.0_91
        Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_66 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_91
        findbugs v3.0.0
        unit https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.8.0_66.txt
        unit https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.7.0_91.txt
        unit test logs https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.8.0_66.txt https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.7.0_91.txt
        JDK v1.7.0_91 Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/14390/testReport/
        modules C: hadoop-hdfs-project/hadoop-hdfs U: hadoop-hdfs-project/hadoop-hdfs
        Max memory used 77MB
        Console output https://builds.apache.org/job/PreCommit-HDFS-Build/14390/console
        Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 19s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 1 new or modified test files. 0 mvndep 0m 8s Maven dependency ordering for branch +1 mvninstall 7m 32s trunk passed +1 compile 0m 58s trunk passed with JDK v1.8.0_66 +1 compile 0m 46s trunk passed with JDK v1.7.0_91 +1 checkstyle 0m 20s trunk passed +1 mvnsite 0m 57s trunk passed +1 mvneclipse 0m 13s trunk passed +1 findbugs 2m 4s trunk passed +1 javadoc 1m 22s trunk passed with JDK v1.8.0_66 +1 javadoc 2m 4s trunk passed with JDK v1.7.0_91 0 mvndep 0m 8s Maven dependency ordering for patch +1 mvninstall 0m 52s the patch passed +1 compile 0m 55s the patch passed with JDK v1.8.0_66 +1 javac 0m 55s the patch passed +1 compile 0m 45s the patch passed with JDK v1.7.0_91 +1 javac 0m 45s the patch passed +1 checkstyle 0m 20s the patch passed +1 mvnsite 1m 1s the patch passed +1 mvneclipse 0m 14s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 findbugs 2m 18s the patch passed +1 javadoc 1m 16s the patch passed with JDK v1.8.0_66 +1 javadoc 1m 55s the patch passed with JDK v1.7.0_91 -1 unit 95m 53s hadoop-hdfs in the patch failed with JDK v1.8.0_66. -1 unit 87m 38s hadoop-hdfs in the patch failed with JDK v1.7.0_91. +1 asflicense 0m 26s Patch does not generate ASF License warnings. 212m 51s Reason Tests JDK v1.8.0_66 Failed junit tests hadoop.hdfs.server.datanode.TestBlockScanner   hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency   hadoop.hdfs.TestPersistBlocks   hadoop.hdfs.server.blockmanagement.TestBlockManager   hadoop.hdfs.server.datanode.TestDataNodeMetrics   hadoop.hdfs.security.TestDelegationTokenForProxyUser   hadoop.hdfs.TestFileAppend   hadoop.hdfs.TestSafeModeWithStripedFile   hadoop.hdfs.server.namenode.TestFileTruncate   hadoop.hdfs.server.namenode.ha.TestRequestHedgingProxyProvider JDK v1.7.0_91 Failed junit tests hadoop.hdfs.server.datanode.TestBlockScanner   hadoop.hdfs.server.datanode.TestDirectoryScanner Subsystem Report/Notes Docker Image:yetus/hadoop:0ca8df7 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12786344/HDFS-9760.patch JIRA Issue HDFS-9760 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux e4f34354be4c 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 1bcfab8 Default Java 1.7.0_91 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_66 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_91 findbugs v3.0.0 unit https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.8.0_66.txt unit https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.7.0_91.txt unit test logs https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.8.0_66.txt https://builds.apache.org/job/PreCommit-HDFS-Build/14390/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.7.0_91.txt JDK v1.7.0_91 Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/14390/testReport/ modules C: hadoop-hdfs-project/hadoop-hdfs U: hadoop-hdfs-project/hadoop-hdfs Max memory used 77MB Console output https://builds.apache.org/job/PreCommit-HDFS-Build/14390/console Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        aw Allen Wittenauer added a comment -

        +1

        committed to 2.8

        thanks!

        Show
        aw Allen Wittenauer added a comment - +1 committed to 2.8 thanks!
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-trunk-Commit #9269 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9269/)
        HDFS-9760. WebHDFS AuthFilter cannot be configured with custom (aw: rev 401ae4ecdb64e1ae2730976f96f7949831305c07)

        • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
        • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
        • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
        • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #9269 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9269/ ) HDFS-9760 . WebHDFS AuthFilter cannot be configured with custom (aw: rev 401ae4ecdb64e1ae2730976f96f7949831305c07) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

          People

          • Assignee:
            rsasson Ryan Sasson
            Reporter:
            rsasson Ryan Sasson
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development