--- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.old 2016-03-11 16:46:27.376537242 -0500 +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java 2016-03-11 16:46:57.353212774 -0500 @@ -18,12 +18,15 @@ package org.apache.hadoop.yarn.server.timeline.security; -import com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.http.FilterContainer; import org.apache.hadoop.http.FilterInitializer; import org.apache.hadoop.http.HttpServer2; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.io.IOUtils; import org.apache.hadoop.security.SecurityUtil; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; @@ -54,6 +57,7 @@ * The configuration prefix of timeline HTTP authentication */ public static final String PREFIX = "yarn.timeline-service.http-authentication."; + private static final Log LOG = LogFactory.getLog(TimelineAuthenticationFilterInitializer.class); @VisibleForTesting Map filterConfig; @@ -97,12 +101,27 @@ } String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); + + + LOG.info("AuthType Configured: "+authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { + filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); - } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) { - filterConfig.put(AuthenticationFilter.AUTH_TYPE, + LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); + + } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() && conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) { + + if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { + filterConfig.put(AuthenticationFilter.AUTH_TYPE, + authType); + LOG.info("AuthType: "+authType); + } else { + filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); + LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); + } + // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);