hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-5291) Add Kerberos HTTP SPNEGO authentication support to HBase web consoles
Date Wed, 04 May 2016 07:21:13 GMT

    [ https://issues.apache.org/jira/browse/HBASE-5291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15270234#comment-15270234
] 

Hadoop QA commented on HBASE-5291:
----------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:green}+1{color} | {color:green} hbaseanti {color} | {color:green} 0m 0s {color} |
{color:green} Patch does not have any anti-patterns. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green}
The patch does not contain any @author tags. {color} |
| {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s {color} | {color:red}
The patch doesn't appear to include any new or modified tests. Please justify why no new tests
are needed for this patch. Also please list what manual steps were performed to verify this
patch. {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 46s {color} | {color:blue}
Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 4m 28s {color}
| {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m 26s {color} |
{color:green} master passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 4m 3s {color} | {color:green}
master passed with JDK v1.7.0_79 {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 9m 23s {color}
| {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 1m 33s {color}
| {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 0s {color} | {color:blue}
Skipped branch modules with no Java source: . {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 29s {color} |
{color:green} master passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 4m 47s {color} |
{color:green} master passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 4m 2s {color} | {color:green}
master passed with JDK v1.7.0_79 {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 11s {color} | {color:blue}
Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 5m 5s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m 54s {color} |
{color:green} the patch passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 5m 54s {color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 4m 5s {color} | {color:green}
the patch passed with JDK v1.7.0_79 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 4m 5s {color} | {color:green}
the patch passed {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 4m 57s {color} | {color:red}
hbase-server: patch generated 2 new + 46 unchanged - 0 fixed = 48 total (was 46) {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 4m 28s {color} | {color:red}
root: patch generated 2 new + 46 unchanged - 0 fixed = 48 total (was 46) {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 1m 39s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color}
| {color:green} Patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} hadoopcheck {color} | {color:green} 9m 22s {color}
| {color:green} Patch does not cause any errors with Hadoop 2.4.1 2.5.2 2.6.0. {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 0s {color} | {color:blue}
Skipped patch modules with no Java source: . {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 49s {color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 4m 42s {color} |
{color:green} the patch passed with JDK v1.8.0 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 7m 11s {color} |
{color:green} the patch passed with JDK v1.7.0_79 {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 106m 12s {color} | {color:red}
hbase-server in the patch failed. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 146m 55s {color} | {color:red}
root in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 33s {color}
| {color:green} Patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 341m 40s {color} | {color:black}
{color} |
\\
\\
|| Reason || Tests ||
| Failed junit tests | hadoop.hbase.security.access.TestNamespaceCommands |
|   | hadoop.hbase.security.access.TestNamespaceCommands |
| Timed out junit tests | org.apache.hadoop.hbase.regionserver.TestRegionServerNoMaster |
|   | org.apache.hadoop.hbase.regionserver.TestAtomicOperation |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12802093/HBASE-5291.001.patch
|
| JIRA Issue | HBASE-5291 |
| Optional Tests |  asflicense  javac  javadoc  unit  findbugs  hadoopcheck  hbaseanti  checkstyle
 compile  |
| uname | Linux asf909.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep
3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/test_framework/yetus-0.2.1/lib/precommit/personality/hbase.sh
|
| git revision | master / 66213c9 |
| Default Java | 1.7.0_79 |
| Multi-JDK versions |  /home/jenkins/tools/java/jdk1.8.0:1.8.0 /usr/local/jenkins/java/jdk1.7.0_79:1.7.0_79
|
| findbugs | v3.0.0 |
| checkstyle | https://builds.apache.org/job/PreCommit-HBASE-Build/1749/artifact/patchprocess/diff-checkstyle-hbase-server.txt
|
| checkstyle | https://builds.apache.org/job/PreCommit-HBASE-Build/1749/artifact/patchprocess/diff-checkstyle-root.txt
|
| unit | https://builds.apache.org/job/PreCommit-HBASE-Build/1749/artifact/patchprocess/patch-unit-hbase-server.txt
|
| unit | https://builds.apache.org/job/PreCommit-HBASE-Build/1749/artifact/patchprocess/patch-unit-root.txt
|
| unit test logs |  https://builds.apache.org/job/PreCommit-HBASE-Build/1749/artifact/patchprocess/patch-unit-hbase-server.txt
https://builds.apache.org/job/PreCommit-HBASE-Build/1749/artifact/patchprocess/patch-unit-root.txt
|
|  Test Results | https://builds.apache.org/job/PreCommit-HBASE-Build/1749/testReport/ |
| modules | C: hbase-server . U: . |
| Console output | https://builds.apache.org/job/PreCommit-HBASE-Build/1749/console |
| Powered by | Apache Yetus 0.2.1   http://yetus.apache.org |


This message was automatically generated.



> Add Kerberos HTTP SPNEGO authentication support to HBase web consoles
> ---------------------------------------------------------------------
>
>                 Key: HBASE-5291
>                 URL: https://issues.apache.org/jira/browse/HBASE-5291
>             Project: HBase
>          Issue Type: Improvement
>          Components: master, regionserver, security
>            Reporter: Andrew Purtell
>            Assignee: Josh Elser
>             Fix For: 2.0.0
>
>         Attachments: HBASE-5291.001.patch
>
>
> Like HADOOP-7119, the same motivations:
> {quote}
> Hadoop RPC already supports Kerberos authentication. 
> {quote}
> As does the HBase secure RPC engine.
> {quote}
> Kerberos enables single sign-on.
> Popular browsers (Firefox and Internet Explorer) have support for Kerberos HTTP SPNEGO.
> Adding support for Kerberos HTTP SPNEGO to [HBase] web consoles would provide a unified
authentication mechanism and single sign-on for web UI and RPC.
> {quote}
> Also like HADOOP-7119, the same solution:
> A servlet filter is configured in front of all Hadoop web consoles for authentication.
> This filter verifies if the incoming request is already authenticated by the presence
of a signed HTTP cookie. If the cookie is present, its signature is valid and its value didn't
expire; then the request continues its way to the page invoked by the request. If the cookie
is not present, it is invalid or it expired; then the request is delegated to an authenticator
handler. The authenticator handler then is responsible for requesting/validating the user-agent
for the user credentials. This may require one or more additional interactions between the
authenticator handler and the user-agent (which will be multiple HTTP requests). Once the
authenticator handler verifies the credentials and generates an authentication token, a signed
cookie is returned to the user-agent for all subsequent invocations.
> The authenticator handler is pluggable and 2 implementations are provided out of the
box: pseudo/simple and kerberos.
> 1. The pseudo/simple authenticator handler is equivalent to the Hadoop pseudo/simple
authentication. It trusts the value of the user.name query string parameter. The pseudo/simple
authenticator handler supports an anonymous mode which accepts any request without requiring
the user.name query string parameter to create the token. This is the default behavior, preserving
the behavior of the HBase web consoles before this patch.
> 2. The kerberos authenticator handler implements the Kerberos HTTP SPNEGO implementation.
This authenticator handler will generate a token only if a successful Kerberos HTTP SPNEGO
interaction is performed between the user-agent and the authenticator. Browsers like Firefox
and Internet Explorer support Kerberos HTTP SPNEGO.
> We can build on the support added to Hadoop via HADOOP-7119. Should just be a matter
of wiring up the filter to our infoservers in a similar manner. 
> And from https://issues.apache.org/jira/browse/HBASE-5050?focusedCommentId=13171086&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13171086
> {quote}
> Hadoop 0.23 onwards has a hadoop-auth artifact that provides SPNEGO/Kerberos authentication
for webapps via a filter. You should consider using it. You don't have to move Hbase to 0.23
for that, just consume the hadoop-auth artifact, which has no dependencies on the rest of
Hadoop 0.23 artifacts.
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message