apex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pramod Immaneni <pra...@datatorrent.com>
Subject Re: Apex HTTP Authentication
Date Thu, 13 Jul 2017 05:07:45 GMT
Looks like the disable behavior is a bug, could you file a JIRA?

Thanks

On Wed, Jul 12, 2017 at 9:36 PM, Thomas Weise <thw@apache.org> wrote:

> I'm working on a secure cluster that has authentication enabled for the
> YARN services.
>
> In my Apex setup, I have:
>
>  <property>
>
>    <name>apex.attr.STRAM_HTTP_AUTHENTICATION</name>
>
>    <value>DISABLE</value>
>
>  </property>
>
> "DISABLE - Disable authentication for web services."
>
> That's not what happens though, it rather follows the Hadoop setting and
> fails because in this case Kerberos is enabled and the keytab not
> configured.
>
> I think that if a DISABLE option is advertised, then it should turn off
> the authentication that gets inherited from the node manager environment.
>
>     Configuration config = getConfig();
>
>     if (SecurityUtils.isStramWebSecurityEnabled()) {
>
>        config = new Configuration(config);
>
>        config.set("hadoop.http.filter.initializers",
> StramWSFilterInitializer.class.getCanonicalName());
>
>      } else {
>
>        if (!"simple".equals(config.get(SecurityUtils.HADOOP_HTTP_AUTH_PROP)))
> {
>
>          LOG.warn("Found http authentication {} but authentication was
> disabled in Apex.",
>
>              config.get(SecurityUtils.HADOOP_HTTP_AUTH_PROP));
>
>          config = new Configuration(config);
>
>          // turn off authentication for Apex as specified by user
>
>          config.set(SecurityUtils.HADOOP_HTTP_AUTH_PROP, "simple");
>
>        }
>
>     }
>
> It will also help tremendously when warning from jetty are not swallowed
> due to
>
>     org.mortbay.log.Log.setLog(null);
>
> Otherwise there is just a "handler failed" message and the user has no way
> to know what went wrong without hacking the Apex code?
>
> Thanks,
> Thomas
>
>
>

Mime
View raw message