diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java index 96c3cdf420..b209fecc68 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java @@ -24,6 +24,7 @@ import org.apache.hadoop.http.FilterInitializer; import org.apache.hadoop.security.AuthenticationFilterInitializer; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; +import org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler; import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; import org.apache.hadoop.security.authorize.ProxyUsers; @@ -99,7 +100,11 @@ public void initFilter(FilterContainer container, Configuration conf) { } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) { filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); + } else if (authType.equals(JWTRedirectAuthenticationHandler.class.getName())) { + filterConfig.put(AuthenticationFilter.AUTH_TYPE, + JWTDelegationTokenAuthenticationHandler.class.getName()); } + filterConfig.put(DelegationTokenAuthenticationHandler.TOKEN_KIND, TimelineDelegationTokenIdentifier.KIND_NAME.toString()); @@ -107,4 +112,11 @@ public void initFilter(FilterContainer container, Configuration conf) { TimelineAuthenticationFilter.class.getName(), filterConfig); } + + public static class JWTDelegationTokenAuthenticationHandler + extends DelegationTokenAuthenticationHandler { + public JWTDelegationTokenAuthenticationHandler() { + super(new JWTRedirectAuthenticationHandler()); + } + } }