curl -i --negotiate -u : -H 'Upgrade: websocket' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==' http:HTTP/1.1 401 Authentication required
Date: Thu, 04 Oct 2018 21:02:22 GMT
Date: Thu, 04 Oct 2018 21:02:22 GMT
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Path=/; Domain=example.com; HttpOnly
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 272
HTTP/1.1 101 Switching Protocols
Date: Thu, 04 Oct 2018 21:02:22 GMT
Cache-Control: no-cache
Expires: Thu, 04 Oct 2018 21:02:22 GMT
Date: Thu, 04 Oct 2018 21:02:22 GMT
Pragma: no-cache
Content-Type: text/plain;charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
WWW-Authenticate: Negotiate YGoGCSqGSIb3EgECAgIAb1swWaADAgEFoQMCAQ+iTTBLoAMCARKiRARCP+d4BKPjrGJcC8EEDX5by19u6EetMvscxmkmImFrRFZCT+EdKYbaBIaNn9/Td/fmIW6EOQeXBy6T8UMmAP2588qi
Set-Cookie: hadoop.auth="u=hbase&p=hbase/hadoop.example.com@EXAMPLE.COM&t=kerberos&e=1538722942268&s=DPKQ5Q58BR7LqZTkw2EyhLNpFN3MggMRJzX49SipyYE="; Path=/; Domain=example.com; HttpOnly
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: Upgrade
Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=
Upgrade: WebSocket
Using curl as sanity test with
YARN-8763patch 004, and verified the container shell websocket is protected by AuthenticationFilter: