Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 35BB610817 for ; Mon, 9 Mar 2015 23:32:39 +0000 (UTC) Received: (qmail 64539 invoked by uid 500); 9 Mar 2015 23:32:38 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 64484 invoked by uid 500); 9 Mar 2015 23:32:38 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 64472 invoked by uid 99); 9 Mar 2015 23:32:38 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Mar 2015 23:32:38 +0000 Date: Mon, 9 Mar 2015 23:32:38 +0000 (UTC) From: "Ryan Sasson (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-10709) Reuse Filters across web apps MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-10709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14353875#comment-14353875 ] Ryan Sasson commented on HADOOP-10709: -------------------------------------- Hi all, I am Allen's colleague at Altiscale and have been part of the custom authentication effort. I have tried to apply the patch but have not been successful, the patch is attempting to change a method (in particular getFilterHolder()) that does not exist in trunk or other recent branches I have checked. I manually added the method and saw a null pointer exception when starting WebHDFS on the Namenode because no method is called before to populate the filters map object. Additionally, this won't fix the problem described in HDFS-5796. As Allen mentioned in a comment on the ticket, initializing WebHDFS with a subclass of AltKerberosAuthenticationHandler is broken because all filter parameters don't get passed down and it does not read the cookie signature secret file. This problem stems from the getAuthFilterParams() method and it is still being used in this patch. > Reuse Filters across web apps > ----------------------------- > > Key: HADOOP-10709 > URL: https://issues.apache.org/jira/browse/HADOOP-10709 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Benoy Antony > Assignee: Benoy Antony > Attachments: HADOOP-10709-002.patch, HADOOP-10709.patch > > > Currently, we need to define separate authentication filters for webhdfs and general webui. This also involves defining parameters for those filters. > It will be better if one could reuse filters for web apps if desired. -- This message was sent by Atlassian JIRA (v6.3.4#6332)