hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ryan Sasson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10703) HttpServer2 creates multiple authentication filters
Date Thu, 19 Mar 2015 18:41:39 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14369876#comment-14369876
] 

Ryan Sasson commented on HADOOP-10703:
--------------------------------------

This patch does not fix the issue for authentication with a custom alt-kerberos class, when
browsing to the dfs file browser the console log says "Failed to load resource: the server
responded with a status of 401 (org.apache.hadoop.security.authentication.util.SignerException:
Invalid signature)" indicating that WebHDFS is not accepting the signature from the hadoop.auth
cookie issued when accessing the namenode UI.

The core of the problem is that the WebHDFS authentication filter is still being initialized
differently compared to the rest of the filters (which are configured to be initialized with
the AuthenticationFilterInitializer class). Unifying the initialization of the WebHDFS authentication
filter with the other filters will fix this issue.

> HttpServer2 creates multiple authentication filters
> ---------------------------------------------------
>
>                 Key: HADOOP-10703
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10703
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>             Fix For: 2.7.0
>
>         Attachments: HADOOP-10703-002.patch, HADOOP-10703-003.patch, HADOOP-10703.patch,
multiple-authenticationfilter-inits.log
>
>
> The HttpServer2.defineFilter creates a Filter instance for each context. By default,
there are 3 contexts.
> So there will be 3 separate AuthenticationFilter instances and corresponding AuthenticationHandler
instances. This also results in 3 separate initializations of AuthenticationHandler.
> The log file illustrating this repeated initialization is attached.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message