hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pan Yuxuan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-17701) Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web ui
Date Tue, 07 Mar 2017 09:00:42 GMT

    [ https://issues.apache.org/jira/browse/HBASE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15898990#comment-15898990
] 

Pan Yuxuan commented on HBASE-17701:
------------------------------------

[~elserj]
Hadoop has a Pseudo/Simple authentication, we can use a query string parameter, e.g. http://localhost:8088/cluster?user.name=babu.
(http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/HttpAuthentication.html)
Then a token with username babu will be generated and be stored as a cookie in the browser
that means the request has been authenticated.
The authentication is simple, but sometimes we don't want to use kerberos for web ui and want
use some easier ways for web ui authentication.
Maybe just add a HadoopAuthFilterInitializer is not enouth. If we want to add a web filter,
we must add a new class which extends the org.apache.hadoop.hbase.http.FilterInitializer.

I want to do some works, make HBase support some third party web filters which just implement
the javax.servlet.Filter interface and not extend the org.apache.hadoop.hbase.http.FilterInitializer.


> Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web
ui
> ----------------------------------------------------------------------------------------
>
>                 Key: HBASE-17701
>                 URL: https://issues.apache.org/jira/browse/HBASE-17701
>             Project: HBase
>          Issue Type: Improvement
>          Components: UI
>    Affects Versions: 1.2.4
>            Reporter: Pan Yuxuan
>         Attachments: HBASE-17701.v1.patch
>
>
> The HBase web UI is none secure by default, there is only one StaticUserWebFilter for
a fake user.
> For Hadoop, we already have AuthenticationFilter for web authentication based on token
or kerberos. So I think hbase can reuse the hadoop-auth AuthenticationFilter by adding a HadoopAuthFilterInitializer.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message