Oozie
  1. Oozie
  2. OOZIE-77

Oozie should support Kerberos authentication on its HTTP REST API

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.0
    • Component/s: None
    • Labels:
      None

      Description

      Original Issue: GH-35

      The correct way of doing this would be using an SPNEGO filter on the server side.

      Ideally authentication should be plugglable, allowing support for cookie based auth, certs, etc.

        Activity

        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-29 23:34:21, Angelo K. Huang wrote:

        > Please add user.name statement to the line #196. It can help users understand what is simple/pseudo as well.

        >

        > +1

        A ticket has been created to work on sub-task to enable user options to pick a specific authentication using Oozie client.

        https://issues.apache.org/jira/browse/OOZIE-624

        • Angelo K.

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3572
        -----------------------------------------------------------

        On 2011-11-29 01:21:02, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-29 01:21:02)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1207728

        /trunk/client/src/main/bin/oozie 1207728

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1207728

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1207728

        /trunk/core/src/main/conf/oozie-log4j.properties 1207728

        /trunk/core/src/main/conf/oozie-site.xml 1207728

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1207728

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1207728

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1207728

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1207728

        /trunk/pom.xml 1207728

        /trunk/webapp/pom.xml 1207728

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1207728

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-29 23:34:21, Angelo K. Huang wrote: > Please add user.name statement to the line #196. It can help users understand what is simple/pseudo as well. > > +1 A ticket has been created to work on sub-task to enable user options to pick a specific authentication using Oozie client. https://issues.apache.org/jira/browse/OOZIE-624 Angelo K. ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3572 ----------------------------------------------------------- On 2011-11-29 01:21:02, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-29 01:21:02) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1207728 /trunk/client/src/main/bin/oozie 1207728 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1207728 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1207728 /trunk/core/src/main/conf/oozie-log4j.properties 1207728 /trunk/core/src/main/conf/oozie-site.xml 1207728 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1207728 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1207728 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1207728 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1207728 /trunk/pom.xml 1207728 /trunk/webapp/pom.xml 1207728 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1207728 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3572
        -----------------------------------------------------------

        Ship it!

        Please add user.name statement to the line #196. It can help users understand what is simple/pseudo as well.

        +1

        /trunk/docs/src/site/twiki/AG_Install.twiki
        <https://reviews.apache.org/r/2875/#comment7989>

        In default, it uses the Java System property 'user.name'. It could be overridden this value using -Duser.name=foo.

        • Angelo K.

        On 2011-11-29 01:21:02, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-29 01:21:02)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1207728

        /trunk/client/src/main/bin/oozie 1207728

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1207728

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1207728

        /trunk/core/src/main/conf/oozie-log4j.properties 1207728

        /trunk/core/src/main/conf/oozie-site.xml 1207728

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1207728

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1207728

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1207728

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1207728

        /trunk/pom.xml 1207728

        /trunk/webapp/pom.xml 1207728

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1207728

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3572 ----------------------------------------------------------- Ship it! Please add user.name statement to the line #196. It can help users understand what is simple/pseudo as well. +1 /trunk/docs/src/site/twiki/AG_Install.twiki < https://reviews.apache.org/r/2875/#comment7989 > In default, it uses the Java System property 'user.name'. It could be overridden this value using -Duser.name=foo. Angelo K. On 2011-11-29 01:21:02, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-29 01:21:02) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1207728 /trunk/client/src/main/bin/oozie 1207728 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1207728 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1207728 /trunk/core/src/main/conf/oozie-log4j.properties 1207728 /trunk/core/src/main/conf/oozie-site.xml 1207728 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1207728 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1207728 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1207728 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1207728 /trunk/pom.xml 1207728 /trunk/webapp/pom.xml 1207728 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1207728 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/
        -----------------------------------------------------------

        (Updated 2011-11-29 01:21:02.462529)

        Review request for oozie.

        Changes
        -------

        correction in documentation removing oozie.client.class reference

        Summary
        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.
        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs (updated)


        /trunk/client/pom.xml 1207728
        /trunk/client/src/main/bin/oozie 1207728
        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1207728
        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION
        /trunk/core/pom.xml 1207728
        /trunk/core/src/main/conf/oozie-log4j.properties 1207728
        /trunk/core/src/main/conf/oozie-site.xml 1207728
        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION
        /trunk/core/src/main/resources/oozie-default.xml 1207728
        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1207728
        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION
        /trunk/docs/src/site/twiki/AG_Install.twiki 1207728
        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1207728
        /trunk/pom.xml 1207728
        /trunk/webapp/pom.xml 1207728
        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1207728

        Diff: https://reviews.apache.org/r/2875/diff

        Testing
        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-29 01:21:02.462529) Review request for oozie. Changes ------- correction in documentation removing oozie.client.class reference Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs (updated) /trunk/client/pom.xml 1207728 /trunk/client/src/main/bin/oozie 1207728 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1207728 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1207728 /trunk/core/src/main/conf/oozie-log4j.properties 1207728 /trunk/core/src/main/conf/oozie-site.xml 1207728 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1207728 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1207728 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1207728 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1207728 /trunk/pom.xml 1207728 /trunk/webapp/pom.xml 1207728 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1207728 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3548
        -----------------------------------------------------------

        /trunk/docs/src/site/twiki/AG_Install.twiki
        <https://reviews.apache.org/r/2875/#comment7884>

        This is how hadoop-auth handles pseudo auth, it uses the value of the user.name param as the user id.

        The PseudoAuthenticatorClient uses the Java System property 'user.name'.

        You could override this value using -Duser.name=foo when using Oozie. Although it is something you should not do.

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7885>

        this is incorrect, i'll remove. thxs

        • Alejandro

        On 2011-11-24 16:45:59, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-24 16:45:59)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1205923

        /trunk/client/src/main/bin/oozie 1205923

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1205923

        /trunk/core/src/main/conf/oozie-log4j.properties 1205923

        /trunk/core/src/main/conf/oozie-site.xml 1205923

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1205923

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923

        /trunk/pom.xml 1205923

        /trunk/webapp/pom.xml 1205923

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3548 ----------------------------------------------------------- /trunk/docs/src/site/twiki/AG_Install.twiki < https://reviews.apache.org/r/2875/#comment7884 > This is how hadoop-auth handles pseudo auth, it uses the value of the user.name param as the user id. The PseudoAuthenticatorClient uses the Java System property 'user.name'. You could override this value using -Duser.name=foo when using Oozie. Although it is something you should not do. /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7885 > this is incorrect, i'll remove. thxs Alejandro On 2011-11-24 16:45:59, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-24 16:45:59) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1205923 /trunk/client/src/main/bin/oozie 1205923 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1205923 /trunk/core/src/main/conf/oozie-log4j.properties 1205923 /trunk/core/src/main/conf/oozie-site.xml 1205923 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1205923 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923 /trunk/pom.xml 1205923 /trunk/webapp/pom.xml 1205923 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3547
        -----------------------------------------------------------

        /trunk/docs/src/site/twiki/AG_Install.twiki
        <https://reviews.apache.org/r/2875/#comment7882>

        Could you give an example how to pass in user.name?

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7883>

        How come 'oozie.client.class' is not used at any other places? Please give examples.

        • Angelo K.

        On 2011-11-24 16:45:59, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-24 16:45:59)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1205923

        /trunk/client/src/main/bin/oozie 1205923

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1205923

        /trunk/core/src/main/conf/oozie-log4j.properties 1205923

        /trunk/core/src/main/conf/oozie-site.xml 1205923

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1205923

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923

        /trunk/pom.xml 1205923

        /trunk/webapp/pom.xml 1205923

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3547 ----------------------------------------------------------- /trunk/docs/src/site/twiki/AG_Install.twiki < https://reviews.apache.org/r/2875/#comment7882 > Could you give an example how to pass in user.name? /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7883 > How come 'oozie.client.class' is not used at any other places? Please give examples. Angelo K. On 2011-11-24 16:45:59, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-24 16:45:59) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1205923 /trunk/client/src/main/bin/oozie 1205923 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1205923 /trunk/core/src/main/conf/oozie-log4j.properties 1205923 /trunk/core/src/main/conf/oozie-site.xml 1205923 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1205923 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923 /trunk/pom.xml 1205923 /trunk/webapp/pom.xml 1205923 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-24 01:42:37, Angelo K. Huang wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92

        > <https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92>

        >

        > We should let user decide what kind of auth he/she wants to use. Ex.

        >

        > -auth simple

        > -auth kerberos

        Alejandro Abdelnur wrote:

        The client does not decide the authentication of the server.

        For example, out of the box the client handles both kerberos and simple and it will do what the server responds.

        If you see the KerberosAuthenticator implementation delegates to the SimpleAuthenticator.

        If you have a custom mechanism you could do the same, delegating to KerberosAuthenticator which in turn will delegate to SimpleAuthenticator.

        Angelo K. Huang wrote:

        Actually, there is one case which could be tricky to implement. If I want to implement one password authenticator which allow users type their unix password, according to what you described above, this authenticator has to delegate to kerberos authenticator. That means a user has to always type password first and then fall back to kerberos even he/she intents to use kerberos in the beginning. What if the password auth also allows users to retype three times? If a user intents to use kerberos, he/she has to type three times of wrong password to make it failed and then fall back to kerberos.

        well, in that case, if your first level auth is user/password auth, then to skip it you could use a system property when invoking Oozie CLI (ie -Dskip.password) and your password client authenticator would (in the presence of this system property) delegate directly to Kerberos without trying to get the password.

        That would be a way of solving that. Note that this is required because it is not the server in this case the one that is telling you the auth to use, it is the client that is trying to decide this.

        • Alejandro

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3498
        -----------------------------------------------------------

        On 2011-11-24 16:45:59, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-24 16:45:59)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1205923

        /trunk/client/src/main/bin/oozie 1205923

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1205923

        /trunk/core/src/main/conf/oozie-log4j.properties 1205923

        /trunk/core/src/main/conf/oozie-site.xml 1205923

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1205923

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923

        /trunk/pom.xml 1205923

        /trunk/webapp/pom.xml 1205923

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-24 01:42:37, Angelo K. Huang wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92 > < https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92 > > > We should let user decide what kind of auth he/she wants to use. Ex. > > -auth simple > -auth kerberos Alejandro Abdelnur wrote: The client does not decide the authentication of the server. For example, out of the box the client handles both kerberos and simple and it will do what the server responds. If you see the KerberosAuthenticator implementation delegates to the SimpleAuthenticator. If you have a custom mechanism you could do the same, delegating to KerberosAuthenticator which in turn will delegate to SimpleAuthenticator. Angelo K. Huang wrote: Actually, there is one case which could be tricky to implement. If I want to implement one password authenticator which allow users type their unix password, according to what you described above, this authenticator has to delegate to kerberos authenticator. That means a user has to always type password first and then fall back to kerberos even he/she intents to use kerberos in the beginning. What if the password auth also allows users to retype three times? If a user intents to use kerberos, he/she has to type three times of wrong password to make it failed and then fall back to kerberos. well, in that case, if your first level auth is user/password auth, then to skip it you could use a system property when invoking Oozie CLI (ie -Dskip.password) and your password client authenticator would (in the presence of this system property) delegate directly to Kerberos without trying to get the password. That would be a way of solving that. Note that this is required because it is not the server in this case the one that is telling you the auth to use, it is the client that is trying to decide this. Alejandro ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3498 ----------------------------------------------------------- On 2011-11-24 16:45:59, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-24 16:45:59) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1205923 /trunk/client/src/main/bin/oozie 1205923 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1205923 /trunk/core/src/main/conf/oozie-log4j.properties 1205923 /trunk/core/src/main/conf/oozie-site.xml 1205923 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1205923 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923 /trunk/pom.xml 1205923 /trunk/webapp/pom.xml 1205923 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-24 01:42:37, Angelo K. Huang wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92

        > <https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92>

        >

        > We should let user decide what kind of auth he/she wants to use. Ex.

        >

        > -auth simple

        > -auth kerberos

        Alejandro Abdelnur wrote:

        The client does not decide the authentication of the server.

        For example, out of the box the client handles both kerberos and simple and it will do what the server responds.

        If you see the KerberosAuthenticator implementation delegates to the SimpleAuthenticator.

        If you have a custom mechanism you could do the same, delegating to KerberosAuthenticator which in turn will delegate to SimpleAuthenticator.

        Actually, there is one case which could be tricky to implement. If I want to implement one password authenticator which allow users type their unix password, according to what you described above, this authenticator has to delegate to kerberos authenticator. That means a user has to always type password first and then fall back to kerberos even he/she intents to use kerberos in the beginning. What if the password auth also allows users to retype three times? If a user intents to use kerberos, he/she has to type three times of wrong password to make it failed and then fall back to kerberos.

        • Angelo K.

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3498
        -----------------------------------------------------------

        On 2011-11-24 16:45:59, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-24 16:45:59)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1205923

        /trunk/client/src/main/bin/oozie 1205923

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1205923

        /trunk/core/src/main/conf/oozie-log4j.properties 1205923

        /trunk/core/src/main/conf/oozie-site.xml 1205923

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1205923

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923

        /trunk/pom.xml 1205923

        /trunk/webapp/pom.xml 1205923

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-24 01:42:37, Angelo K. Huang wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92 > < https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92 > > > We should let user decide what kind of auth he/she wants to use. Ex. > > -auth simple > -auth kerberos Alejandro Abdelnur wrote: The client does not decide the authentication of the server. For example, out of the box the client handles both kerberos and simple and it will do what the server responds. If you see the KerberosAuthenticator implementation delegates to the SimpleAuthenticator. If you have a custom mechanism you could do the same, delegating to KerberosAuthenticator which in turn will delegate to SimpleAuthenticator. Actually, there is one case which could be tricky to implement. If I want to implement one password authenticator which allow users type their unix password, according to what you described above, this authenticator has to delegate to kerberos authenticator. That means a user has to always type password first and then fall back to kerberos even he/she intents to use kerberos in the beginning. What if the password auth also allows users to retype three times? If a user intents to use kerberos, he/she has to type three times of wrong password to make it failed and then fall back to kerberos. Angelo K. ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3498 ----------------------------------------------------------- On 2011-11-24 16:45:59, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-24 16:45:59) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1205923 /trunk/client/src/main/bin/oozie 1205923 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1205923 /trunk/core/src/main/conf/oozie-log4j.properties 1205923 /trunk/core/src/main/conf/oozie-site.xml 1205923 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1205923 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923 /trunk/pom.xml 1205923 /trunk/webapp/pom.xml 1205923 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/
        -----------------------------------------------------------

        (Updated 2011-11-24 16:45:59.727492)

        Review request for oozie.

        Changes
        -------

        updated patch:

        • removing cloudera reference from docs
        • rebasing to current trunk (after OOZIE-610)

        Summary
        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.
        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs (updated)


        /trunk/client/pom.xml 1205923
        /trunk/client/src/main/bin/oozie 1205923
        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923
        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION
        /trunk/core/pom.xml 1205923
        /trunk/core/src/main/conf/oozie-log4j.properties 1205923
        /trunk/core/src/main/conf/oozie-site.xml 1205923
        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION
        /trunk/core/src/main/resources/oozie-default.xml 1205923
        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923
        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION
        /trunk/docs/src/site/twiki/AG_Install.twiki 1205923
        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923
        /trunk/pom.xml 1205923
        /trunk/webapp/pom.xml 1205923
        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923

        Diff: https://reviews.apache.org/r/2875/diff

        Testing
        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-24 16:45:59.727492) Review request for oozie. Changes ------- updated patch: removing cloudera reference from docs rebasing to current trunk (after OOZIE-610 ) Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs (updated) /trunk/client/pom.xml 1205923 /trunk/client/src/main/bin/oozie 1205923 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1205923 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1205923 /trunk/core/src/main/conf/oozie-log4j.properties 1205923 /trunk/core/src/main/conf/oozie-site.xml 1205923 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1205923 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1205923 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1205923 /trunk/pom.xml 1205923 /trunk/webapp/pom.xml 1205923 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1205923 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-24 01:46:04, Angelo K. Huang wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 90

        > <https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line90>

        >

        > I do not think it is ok to put a release or company at Apache code base. If IBM developer submits a patch and claim it is available on download.ibm, it will be weird.

        You are correct, my bad, I've missed removing this when porting the patch, will update.

        • Alejandro

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3499
        -----------------------------------------------------------

        On 2011-11-21 21:15:10, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-21 21:15:10)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1204710

        /trunk/client/src/main/bin/oozie 1204710

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1204710

        /trunk/core/src/main/conf/oozie-log4j.properties 1204710

        /trunk/core/src/main/conf/oozie-site.xml 1204710

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1204710

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710

        /trunk/pom.xml 1204710

        /trunk/webapp/pom.xml 1204710

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-24 01:46:04, Angelo K. Huang wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 90 > < https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line90 > > > I do not think it is ok to put a release or company at Apache code base. If IBM developer submits a patch and claim it is available on download.ibm, it will be weird. You are correct, my bad, I've missed removing this when porting the patch, will update. Alejandro ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3499 ----------------------------------------------------------- On 2011-11-21 21:15:10, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-21 21:15:10) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1204710 /trunk/client/src/main/bin/oozie 1204710 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1204710 /trunk/core/src/main/conf/oozie-log4j.properties 1204710 /trunk/core/src/main/conf/oozie-site.xml 1204710 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1204710 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710 /trunk/pom.xml 1204710 /trunk/webapp/pom.xml 1204710 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-24 01:42:37, Angelo K. Huang wrote:

        > /trunk/core/pom.xml, line 225

        > <https://reviews.apache.org/r/2875/diff/2/?file=59621#file59621line225>

        >

        > why u need log4j at compile?

        This is not log4j (which Oozie has already at compile time) but the slf4j log4j adapter which is used by Hadoop-auth (alfredo) server side and specified as optional dependency in its POM (optional because the client side does not uses it).

        On 2011-11-24 01:42:37, Angelo K. Huang wrote:

        > /trunk/core/src/main/resources/oozie-default.xml, line 1407

        > <https://reviews.apache.org/r/2875/diff/2/?file=59625#file59625line1407>

        >

        > same here

        answered in the previous comment.

        On 2011-11-24 01:42:37, Angelo K. Huang wrote:

        > /trunk/core/src/main/conf/oozie-site.xml, line 249

        > <https://reviews.apache.org/r/2875/diff/2/?file=59623#file59623line249>

        >

        > how to describe Oozie supports multiple auths?

        simple & kerberos are aliases for the out of the box supported authentication mechanisms. If you have a custom one you specify here the class of your AuthenticationHandler.

        How you specify multiple? It is the responsibility fo the AuthenticationHandler to do so. You can have an implementation that is a multiplexor of other AuthenticationHandlers if you need to.

        On 2011-11-24 01:42:37, Angelo K. Huang wrote:

        > /trunk/docs/src/site/twiki/AG_Install.twiki, line 200

        > <https://reviews.apache.org/r/2875/diff/2/?file=59628#file59628line200>

        >

        > Can server supports both at same time?

        No with the current implementation, supporting simple and Kerberos at the same time does not make sense.

        But if you want to support Kerberos and some other (ie) LDAP authentication mechanism, then you could write a AuthenticationHandler multiplexor that probes the request with the different AuthenticationHandlers it has until one says that it validates the request or all fail.

        On 2011-11-24 01:42:37, Angelo K. Huang wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92

        > <https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92>

        >

        > We should let user decide what kind of auth he/she wants to use. Ex.

        >

        > -auth simple

        > -auth kerberos

        The client does not decide the authentication of the server.

        For example, out of the box the client handles both kerberos and simple and it will do what the server responds.

        If you see the KerberosAuthenticator implementation delegates to the SimpleAuthenticator.

        If you have a custom mechanism you could do the same, delegating to KerberosAuthenticator which in turn will delegate to SimpleAuthenticator.

        • Alejandro

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3498
        -----------------------------------------------------------

        On 2011-11-21 21:15:10, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-21 21:15:10)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1204710

        /trunk/client/src/main/bin/oozie 1204710

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1204710

        /trunk/core/src/main/conf/oozie-log4j.properties 1204710

        /trunk/core/src/main/conf/oozie-site.xml 1204710

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1204710

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710

        /trunk/pom.xml 1204710

        /trunk/webapp/pom.xml 1204710

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-24 01:42:37, Angelo K. Huang wrote: > /trunk/core/pom.xml, line 225 > < https://reviews.apache.org/r/2875/diff/2/?file=59621#file59621line225 > > > why u need log4j at compile? This is not log4j (which Oozie has already at compile time) but the slf4j log4j adapter which is used by Hadoop-auth (alfredo) server side and specified as optional dependency in its POM (optional because the client side does not uses it). On 2011-11-24 01:42:37, Angelo K. Huang wrote: > /trunk/core/src/main/resources/oozie-default.xml, line 1407 > < https://reviews.apache.org/r/2875/diff/2/?file=59625#file59625line1407 > > > same here answered in the previous comment. On 2011-11-24 01:42:37, Angelo K. Huang wrote: > /trunk/core/src/main/conf/oozie-site.xml, line 249 > < https://reviews.apache.org/r/2875/diff/2/?file=59623#file59623line249 > > > how to describe Oozie supports multiple auths? simple & kerberos are aliases for the out of the box supported authentication mechanisms. If you have a custom one you specify here the class of your AuthenticationHandler. How you specify multiple? It is the responsibility fo the AuthenticationHandler to do so. You can have an implementation that is a multiplexor of other AuthenticationHandlers if you need to. On 2011-11-24 01:42:37, Angelo K. Huang wrote: > /trunk/docs/src/site/twiki/AG_Install.twiki, line 200 > < https://reviews.apache.org/r/2875/diff/2/?file=59628#file59628line200 > > > Can server supports both at same time? No with the current implementation, supporting simple and Kerberos at the same time does not make sense. But if you want to support Kerberos and some other (ie) LDAP authentication mechanism, then you could write a AuthenticationHandler multiplexor that probes the request with the different AuthenticationHandlers it has until one says that it validates the request or all fail. On 2011-11-24 01:42:37, Angelo K. Huang wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 92 > < https://reviews.apache.org/r/2875/diff/2/?file=59629#file59629line92 > > > We should let user decide what kind of auth he/she wants to use. Ex. > > -auth simple > -auth kerberos The client does not decide the authentication of the server. For example, out of the box the client handles both kerberos and simple and it will do what the server responds. If you see the KerberosAuthenticator implementation delegates to the SimpleAuthenticator. If you have a custom mechanism you could do the same, delegating to KerberosAuthenticator which in turn will delegate to SimpleAuthenticator. Alejandro ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3498 ----------------------------------------------------------- On 2011-11-21 21:15:10, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-21 21:15:10) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1204710 /trunk/client/src/main/bin/oozie 1204710 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1204710 /trunk/core/src/main/conf/oozie-log4j.properties 1204710 /trunk/core/src/main/conf/oozie-site.xml 1204710 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1204710 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710 /trunk/pom.xml 1204710 /trunk/webapp/pom.xml 1204710 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3499
        -----------------------------------------------------------

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7785>

        I do not think it is ok to put a release or company at Apache code base. If IBM developer submits a patch and claim it is available on download.ibm, it will be weird.

        • Angelo K.

        On 2011-11-21 21:15:10, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-21 21:15:10)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1204710

        /trunk/client/src/main/bin/oozie 1204710

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1204710

        /trunk/core/src/main/conf/oozie-log4j.properties 1204710

        /trunk/core/src/main/conf/oozie-site.xml 1204710

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1204710

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710

        /trunk/pom.xml 1204710

        /trunk/webapp/pom.xml 1204710

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3499 ----------------------------------------------------------- /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7785 > I do not think it is ok to put a release or company at Apache code base. If IBM developer submits a patch and claim it is available on download.ibm, it will be weird. Angelo K. On 2011-11-21 21:15:10, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-21 21:15:10) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1204710 /trunk/client/src/main/bin/oozie 1204710 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1204710 /trunk/core/src/main/conf/oozie-log4j.properties 1204710 /trunk/core/src/main/conf/oozie-site.xml 1204710 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1204710 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710 /trunk/pom.xml 1204710 /trunk/webapp/pom.xml 1204710 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3498
        -----------------------------------------------------------

        /trunk/core/pom.xml
        <https://reviews.apache.org/r/2875/#comment7779>

        why u need log4j at compile?

        /trunk/core/src/main/conf/oozie-site.xml
        <https://reviews.apache.org/r/2875/#comment7780>

        how to describe Oozie supports multiple auths?

        /trunk/core/src/main/resources/oozie-default.xml
        <https://reviews.apache.org/r/2875/#comment7781>

        same here

        /trunk/docs/src/site/twiki/AG_Install.twiki
        <https://reviews.apache.org/r/2875/#comment7782>

        Can server supports both at same time?

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7784>

        We should let user decide what kind of auth he/she wants to use. Ex.

        -auth simple
        -auth kerberos

        • Angelo K.

        On 2011-11-21 21:15:10, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-21 21:15:10)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1204710

        /trunk/client/src/main/bin/oozie 1204710

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1204710

        /trunk/core/src/main/conf/oozie-log4j.properties 1204710

        /trunk/core/src/main/conf/oozie-site.xml 1204710

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1204710

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710

        /trunk/pom.xml 1204710

        /trunk/webapp/pom.xml 1204710

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3498 ----------------------------------------------------------- /trunk/core/pom.xml < https://reviews.apache.org/r/2875/#comment7779 > why u need log4j at compile? /trunk/core/src/main/conf/oozie-site.xml < https://reviews.apache.org/r/2875/#comment7780 > how to describe Oozie supports multiple auths? /trunk/core/src/main/resources/oozie-default.xml < https://reviews.apache.org/r/2875/#comment7781 > same here /trunk/docs/src/site/twiki/AG_Install.twiki < https://reviews.apache.org/r/2875/#comment7782 > Can server supports both at same time? /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7784 > We should let user decide what kind of auth he/she wants to use. Ex. -auth simple -auth kerberos Angelo K. On 2011-11-21 21:15:10, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-21 21:15:10) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1204710 /trunk/client/src/main/bin/oozie 1204710 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1204710 /trunk/core/src/main/conf/oozie-log4j.properties 1204710 /trunk/core/src/main/conf/oozie-site.xml 1204710 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1204710 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710 /trunk/pom.xml 1204710 /trunk/webapp/pom.xml 1204710 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 105

        > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line105>

        >

        > what is the default option? It is better if current user doesn't need to set any extra parameter

        Alejandro Abdelnur wrote:

        The default option is kerberos, but kerberos falls back to simple.

        If you are using a custom/internal handler, you could modify the oozie shell script to see your handler classname, thus making it transparent to your users.

        Mohammad Islam wrote:

        so for normal user who used to run w/o any authentication, they don't need to do anything in there job submission using oozie CLI.

        The system will first try to use Kerb and ,if it fails, use the 'simple'. Correct?

        correct

        • Alejandro

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3372
        -----------------------------------------------------------

        On 2011-11-21 21:15:10, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-21 21:15:10)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1204710

        /trunk/client/src/main/bin/oozie 1204710

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1204710

        /trunk/core/src/main/conf/oozie-log4j.properties 1204710

        /trunk/core/src/main/conf/oozie-site.xml 1204710

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1204710

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710

        /trunk/pom.xml 1204710

        /trunk/webapp/pom.xml 1204710

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-19 07:26:00, Mohammad Islam wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 105 > < https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line105 > > > what is the default option? It is better if current user doesn't need to set any extra parameter Alejandro Abdelnur wrote: The default option is kerberos, but kerberos falls back to simple. If you are using a custom/internal handler, you could modify the oozie shell script to see your handler classname, thus making it transparent to your users. Mohammad Islam wrote: so for normal user who used to run w/o any authentication, they don't need to do anything in there job submission using oozie CLI. The system will first try to use Kerb and ,if it fails, use the 'simple'. Correct? correct Alejandro ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3372 ----------------------------------------------------------- On 2011-11-21 21:15:10, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-21 21:15:10) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1204710 /trunk/client/src/main/bin/oozie 1204710 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1204710 /trunk/core/src/main/conf/oozie-log4j.properties 1204710 /trunk/core/src/main/conf/oozie-site.xml 1204710 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1204710 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710 /trunk/pom.xml 1204710 /trunk/webapp/pom.xml 1204710 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 105

        > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line105>

        >

        > what is the default option? It is better if current user doesn't need to set any extra parameter

        Alejandro Abdelnur wrote:

        The default option is kerberos, but kerberos falls back to simple.

        If you are using a custom/internal handler, you could modify the oozie shell script to see your handler classname, thus making it transparent to your users.

        so for normal user who used to run w/o any authentication, they don't need to do anything in there job submission using oozie CLI.
        The system will first try to use Kerb and ,if it fails, use the 'simple'. Correct?

        • Mohammad

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3372
        -----------------------------------------------------------

        On 2011-11-21 21:15:10, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-21 21:15:10)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1204710

        /trunk/client/src/main/bin/oozie 1204710

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1204710

        /trunk/core/src/main/conf/oozie-log4j.properties 1204710

        /trunk/core/src/main/conf/oozie-site.xml 1204710

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1204710

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710

        /trunk/pom.xml 1204710

        /trunk/webapp/pom.xml 1204710

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-19 07:26:00, Mohammad Islam wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 105 > < https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line105 > > > what is the default option? It is better if current user doesn't need to set any extra parameter Alejandro Abdelnur wrote: The default option is kerberos, but kerberos falls back to simple. If you are using a custom/internal handler, you could modify the oozie shell script to see your handler classname, thus making it transparent to your users. so for normal user who used to run w/o any authentication, they don't need to do anything in there job submission using oozie CLI. The system will first try to use Kerb and ,if it fails, use the 'simple'. Correct? Mohammad ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3372 ----------------------------------------------------------- On 2011-11-21 21:15:10, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-21 21:15:10) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1204710 /trunk/client/src/main/bin/oozie 1204710 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1204710 /trunk/core/src/main/conf/oozie-log4j.properties 1204710 /trunk/core/src/main/conf/oozie-site.xml 1204710 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1204710 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710 /trunk/pom.xml 1204710 /trunk/webapp/pom.xml 1204710 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/
        -----------------------------------------------------------

        (Updated 2011-11-21 21:15:10.954809)

        Review request for oozie.

        Changes
        -------

        documentation corrections based on feedback.

        Summary
        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.
        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs (updated)


        /trunk/client/pom.xml 1204710
        /trunk/client/src/main/bin/oozie 1204710
        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710
        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION
        /trunk/core/pom.xml 1204710
        /trunk/core/src/main/conf/oozie-log4j.properties 1204710
        /trunk/core/src/main/conf/oozie-site.xml 1204710
        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION
        /trunk/core/src/main/resources/oozie-default.xml 1204710
        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710
        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION
        /trunk/docs/src/site/twiki/AG_Install.twiki 1204710
        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710
        /trunk/pom.xml 1204710
        /trunk/webapp/pom.xml 1204710
        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710

        Diff: https://reviews.apache.org/r/2875/diff

        Testing
        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-21 21:15:10.954809) Review request for oozie. Changes ------- documentation corrections based on feedback. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs (updated) /trunk/client/pom.xml 1204710 /trunk/client/src/main/bin/oozie 1204710 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1204710 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1204710 /trunk/core/src/main/conf/oozie-log4j.properties 1204710 /trunk/core/src/main/conf/oozie-site.xml 1204710 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1204710 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1204710 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1204710 /trunk/pom.xml 1204710 /trunk/webapp/pom.xml 1204710 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1204710 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > Mostly want to know how that impact our internal auth. What types of modifications are needed?

        Mohammad, Y! internal auth is not part of Apache Oozie codebase, thus I cannot say anything in detail.

        What can I say is that you'll have to implement a client and a server handler for Y! internal authentication. Note that the client/server handler interfaces are very similar to the ones in the patch that Angelo posted in GH last year.

        If you have such code implemented internal, I would guess the refactoring to use this patch is minimal.

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > /trunk/docs/src/site/twiki/AG_Install.twiki, line 189

        > <https://reviews.apache.org/r/2875/diff/1/?file=59215#file59215line189>

        >

        > would you pls explain that?

        this is incorrect, i'll remove.

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 94

        > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line94>

        >

        > typo "i" -> in

        will fix

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 97

        > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line97>

        >

        > what is the important/value of 'simple' auth?

        pseudo/simple auth is the current mechanim that provides no real authentication, it just propagates the username in the current OS

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 103

        > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line103>

        >

        > Can you please elaborate on this? We wonder if it will break our current authentication.

        As mentioned above, you can implement/configure additional client/server 'handlers' for different authentication mechanism.

        On 2011-11-19 07:26:00, Mohammad Islam wrote:

        > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 105

        > <https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line105>

        >

        > what is the default option? It is better if current user doesn't need to set any extra parameter

        The default option is kerberos, but kerberos falls back to simple.

        If you are using a custom/internal handler, you could modify the oozie shell script to see your handler classname, thus making it transparent to your users.

        • Alejandro

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3372
        -----------------------------------------------------------

        On 2011-11-17 22:15:27, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-17 22:15:27)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1203392

        /trunk/client/src/main/bin/oozie 1203392

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1203392

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1203392

        /trunk/core/src/main/conf/oozie-log4j.properties 1203392

        /trunk/core/src/main/conf/oozie-site.xml 1203392

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1203392

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1203392

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1203392

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1203392

        /trunk/pom.xml 1203392

        /trunk/webapp/pom.xml 1203392

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1203392

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - On 2011-11-19 07:26:00, Mohammad Islam wrote: > Mostly want to know how that impact our internal auth. What types of modifications are needed? Mohammad, Y! internal auth is not part of Apache Oozie codebase, thus I cannot say anything in detail. What can I say is that you'll have to implement a client and a server handler for Y! internal authentication. Note that the client/server handler interfaces are very similar to the ones in the patch that Angelo posted in GH last year. If you have such code implemented internal, I would guess the refactoring to use this patch is minimal. On 2011-11-19 07:26:00, Mohammad Islam wrote: > /trunk/docs/src/site/twiki/AG_Install.twiki, line 189 > < https://reviews.apache.org/r/2875/diff/1/?file=59215#file59215line189 > > > would you pls explain that? this is incorrect, i'll remove. On 2011-11-19 07:26:00, Mohammad Islam wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 94 > < https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line94 > > > typo "i" -> in will fix On 2011-11-19 07:26:00, Mohammad Islam wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 97 > < https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line97 > > > what is the important/value of 'simple' auth? pseudo/simple auth is the current mechanim that provides no real authentication, it just propagates the username in the current OS On 2011-11-19 07:26:00, Mohammad Islam wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 103 > < https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line103 > > > Can you please elaborate on this? We wonder if it will break our current authentication. As mentioned above, you can implement/configure additional client/server 'handlers' for different authentication mechanism. On 2011-11-19 07:26:00, Mohammad Islam wrote: > /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki, line 105 > < https://reviews.apache.org/r/2875/diff/1/?file=59216#file59216line105 > > > what is the default option? It is better if current user doesn't need to set any extra parameter The default option is kerberos, but kerberos falls back to simple. If you are using a custom/internal handler, you could modify the oozie shell script to see your handler classname, thus making it transparent to your users. Alejandro ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3372 ----------------------------------------------------------- On 2011-11-17 22:15:27, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-17 22:15:27) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1203392 /trunk/client/src/main/bin/oozie 1203392 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1203392 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1203392 /trunk/core/src/main/conf/oozie-log4j.properties 1203392 /trunk/core/src/main/conf/oozie-site.xml 1203392 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1203392 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1203392 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1203392 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1203392 /trunk/pom.xml 1203392 /trunk/webapp/pom.xml 1203392 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1203392 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/#review3372
        -----------------------------------------------------------

        Mostly want to know how that impact our internal auth. What types of modifications are needed?

        /trunk/core/src/main/conf/oozie-site.xml
        <https://reviews.apache.org/r/2875/#comment7548>

        What will be the impact on Y! internal authentication which is based on filter?

        /trunk/docs/src/site/twiki/AG_Install.twiki
        <https://reviews.apache.org/r/2875/#comment7549>

        would you pls explain that?

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7550>

        typo "i" -> in

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7551>

        what is the important/value of 'simple' auth?

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7552>

        Can you please elaborate on this? We wonder if it will break our current authentication.

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki
        <https://reviews.apache.org/r/2875/#comment7553>

        what is the default option? It is better if current user doesn't need to set any extra parameter

        • Mohammad

        On 2011-11-17 22:15:27, Alejandro Abdelnur wrote:

        -----------------------------------------------------------

        This is an automatically generated e-mail. To reply, visit:

        https://reviews.apache.org/r/2875/

        -----------------------------------------------------------

        (Updated 2011-11-17 22:15:27)

        Review request for oozie.

        Summary

        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.

        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs

        -----

        /trunk/client/pom.xml 1203392

        /trunk/client/src/main/bin/oozie 1203392

        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1203392

        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION

        /trunk/core/pom.xml 1203392

        /trunk/core/src/main/conf/oozie-log4j.properties 1203392

        /trunk/core/src/main/conf/oozie-site.xml 1203392

        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION

        /trunk/core/src/main/resources/oozie-default.xml 1203392

        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1203392

        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION

        /trunk/docs/src/site/twiki/AG_Install.twiki 1203392

        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1203392

        /trunk/pom.xml 1203392

        /trunk/webapp/pom.xml 1203392

        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1203392

        Diff: https://reviews.apache.org/r/2875/diff

        Testing

        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/#review3372 ----------------------------------------------------------- Mostly want to know how that impact our internal auth. What types of modifications are needed? /trunk/core/src/main/conf/oozie-site.xml < https://reviews.apache.org/r/2875/#comment7548 > What will be the impact on Y! internal authentication which is based on filter? /trunk/docs/src/site/twiki/AG_Install.twiki < https://reviews.apache.org/r/2875/#comment7549 > would you pls explain that? /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7550 > typo "i" -> in /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7551 > what is the important/value of 'simple' auth? /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7552 > Can you please elaborate on this? We wonder if it will break our current authentication. /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki < https://reviews.apache.org/r/2875/#comment7553 > what is the default option? It is better if current user doesn't need to set any extra parameter Mohammad On 2011-11-17 22:15:27, Alejandro Abdelnur wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- (Updated 2011-11-17 22:15:27) Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs ----- /trunk/client/pom.xml 1203392 /trunk/client/src/main/bin/oozie 1203392 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1203392 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1203392 /trunk/core/src/main/conf/oozie-log4j.properties 1203392 /trunk/core/src/main/conf/oozie-site.xml 1203392 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1203392 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1203392 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1203392 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1203392 /trunk/pom.xml 1203392 /trunk/webapp/pom.xml 1203392 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1203392 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        jiraposter@reviews.apache.org added a comment -

        -----------------------------------------------------------
        This is an automatically generated e-mail. To reply, visit:
        https://reviews.apache.org/r/2875/
        -----------------------------------------------------------

        Review request for oozie.

        Summary
        -------

        Using hadoop-auth (Alfredo) 0.23.0.

        Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet.

        This addresses bug OOZIE-77.
        https://issues.apache.org/jira/browse/OOZIE-77

        Diffs


        /trunk/client/pom.xml 1203392
        /trunk/client/src/main/bin/oozie 1203392
        /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1203392
        /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION
        /trunk/core/pom.xml 1203392
        /trunk/core/src/main/conf/oozie-log4j.properties 1203392
        /trunk/core/src/main/conf/oozie-site.xml 1203392
        /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION
        /trunk/core/src/main/resources/oozie-default.xml 1203392
        /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1203392
        /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION
        /trunk/docs/src/site/twiki/AG_Install.twiki 1203392
        /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1203392
        /trunk/pom.xml 1203392
        /trunk/webapp/pom.xml 1203392
        /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1203392

        Diff: https://reviews.apache.org/r/2875/diff

        Testing
        -------

        Thanks,

        Alejandro

        Show
        jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2875/ ----------------------------------------------------------- Review request for oozie. Summary ------- Using hadoop-auth (Alfredo) 0.23.0. Currently using SNAPSHOT because 0.23.0 artifacts have not be published to Apache Maven repo yet. This addresses bug OOZIE-77 . https://issues.apache.org/jira/browse/OOZIE-77 Diffs /trunk/client/pom.xml 1203392 /trunk/client/src/main/bin/oozie 1203392 /trunk/client/src/main/java/org/apache/oozie/cli/OozieCLI.java 1203392 /trunk/client/src/main/java/org/apache/oozie/client/AuthOozieClient.java PRE-CREATION /trunk/core/pom.xml 1203392 /trunk/core/src/main/conf/oozie-log4j.properties 1203392 /trunk/core/src/main/conf/oozie-site.xml 1203392 /trunk/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java PRE-CREATION /trunk/core/src/main/resources/oozie-default.xml 1203392 /trunk/core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java 1203392 /trunk/core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java PRE-CREATION /trunk/docs/src/site/twiki/AG_Install.twiki 1203392 /trunk/docs/src/site/twiki/DG_CommandLineTool.twiki 1203392 /trunk/pom.xml 1203392 /trunk/webapp/pom.xml 1203392 /trunk/webapp/src/main/webapp/WEB-INF/web.xml 1203392 Diff: https://reviews.apache.org/r/2875/diff Testing ------- Thanks, Alejandro
        Hide
        Hadoop QA added a comment -

        anew remarked:
        Hi Tucu,

        you had posted a patch/pr for this earlier but it seems that you have removed that in the meantime. Could you please post that again? I would like to compare it to the patch that Angelo submitted, so that we can can find a common denominator.

        Thanks -Andreas.

        Show
        Hadoop QA added a comment - anew remarked: Hi Tucu, you had posted a patch/pr for this earlier but it seems that you have removed that in the meantime. Could you please post that again? I would like to compare it to the patch that Angelo submitted, so that we can can find a common denominator. Thanks -Andreas.
        Hide
        Hadoop QA added a comment -

        tucu00 remarked:
        Given the current developments, I'll remove the 2.3 tag from this issue as it will not make it to the 2.3 release.

        -----------
        From: Alejandro Abdelnur
        Date: Thu, Dec 9, 2010 at 1:06 PM

        Thanks for the answer.

        This means that Yahoo will not be contributing the Kerberos/SPNEGO patch for the Oozie 2.3 release scheduled to feature freeze on December 10th.

        I'll C&P this email to issue GH-0035.

        I'll also proceed to create an issue for branching 2.3 in preparation for feature freeze.

        Alejandro

        > On Thu, Dec 9, 2010 at 9:06 AM, Mohammad Islam wrote:
        >
        > Hi,
        > Oozie team at Yahoo has decided to add an authenticator module that would allow
        > user to plug-in any custom authenticator provider (such as Kerberos). Basically user
        > has to implement his custom authenticator provider and configure oozie server
        > accordingly. In this case, oozie server doesn’t require any rebuilding. Angelo will
        > soon commence a discussion of this pluggable approach in this group.
        >
        > In short, this is the high-level plan:
        > Yahoo will provide a basic framework where any custom authenticator module
        > could be plugged. In addition, Yahoo will provide a no-op authenticator module (as
        > an example) that could be used as default provider. This example will assist in
        > writing any custom authenticator provider. As soon as the implementation details
        > discussion closes, oozie team at yahoo will commit the code.
        > Another custom implementation for kerberos-based authenticator provider might be > available later.
        >
        > Regards,
        > Mohammad

        Show
        Hadoop QA added a comment - tucu00 remarked: Given the current developments, I'll remove the 2.3 tag from this issue as it will not make it to the 2.3 release. ----------- From: Alejandro Abdelnur Date: Thu, Dec 9, 2010 at 1:06 PM Thanks for the answer. This means that Yahoo will not be contributing the Kerberos/SPNEGO patch for the Oozie 2.3 release scheduled to feature freeze on December 10th. I'll C&P this email to issue GH-0035. I'll also proceed to create an issue for branching 2.3 in preparation for feature freeze. Alejandro > On Thu, Dec 9, 2010 at 9:06 AM, Mohammad Islam wrote: > > Hi, > Oozie team at Yahoo has decided to add an authenticator module that would allow > user to plug-in any custom authenticator provider (such as Kerberos). Basically user > has to implement his custom authenticator provider and configure oozie server > accordingly. In this case, oozie server doesn’t require any rebuilding. Angelo will > soon commence a discussion of this pluggable approach in this group. > > In short, this is the high-level plan: > Yahoo will provide a basic framework where any custom authenticator module > could be plugged. In addition, Yahoo will provide a no-op authenticator module (as > an example) that could be used as default provider. This example will assist in > writing any custom authenticator provider. As soon as the implementation details > discussion closes, oozie team at yahoo will commit the code. > Another custom implementation for kerberos-based authenticator provider might be > available later. > > Regards, > Mohammad
        Hide
        Hadoop QA added a comment -

        tucu00 remarked:
        That would be good if they support Kerberos SPENGO.

        Show
        Hadoop QA added a comment - tucu00 remarked: That would be good if they support Kerberos SPENGO.
        Hide
        Hadoop QA added a comment -

        toddlipcon remarked:
        Hopefully this can use the same servletfilter plugins as hadoop core.

        Show
        Hadoop QA added a comment - toddlipcon remarked: Hopefully this can use the same servletfilter plugins as hadoop core.

          People

          • Assignee:
            Alejandro Abdelnur
            Reporter:
            Hadoop QA
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development