hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jerry He (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-17701) Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web ui
Date Thu, 09 Mar 2017 02:16:38 GMT

    [ https://issues.apache.org/jira/browse/HBASE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15902349#comment-15902349
] 

Jerry He commented on HBASE-17701:
----------------------------------

Hi, [~panyuxuan]

I see what you try to accomplish. But it is not necessary to pull in HadoopAuthFilterInitializer
and to use the hadoop.http.authentication.* properties.

HBASE-5291's implementation is consistent with the hadoop htttp way since it uses the hadoop
AuthenticationFilter.  The thing is that the parameter to AuthenticationFilter is hard set
to 'kerberos' if the hbase ui security in on.  hadoop AuthenticationFilter is designed to
be more flexible in the sense that it can accept other AuthenticationHandler implementation,
i.e. custom authentication class name. [Here|https://hadoop.apache.org/docs/r2.7.2/hadoop-auth/Configuration.html].
You should be able to provide a patch that improves and make the current implementation flexible
instead of entirely pulling in HadoopAuthFilterInitializer. 

> Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web
ui
> ----------------------------------------------------------------------------------------
>
>                 Key: HBASE-17701
>                 URL: https://issues.apache.org/jira/browse/HBASE-17701
>             Project: HBase
>          Issue Type: Improvement
>          Components: UI
>    Affects Versions: 1.2.4
>            Reporter: Pan Yuxuan
>         Attachments: HBASE-17701.v1.patch
>
>
> The HBase web UI is none secure by default, there is only one StaticUserWebFilter for
a fake user.
> For Hadoop, we already have AuthenticationFilter for web authentication based on token
or kerberos. So I think hbase can reuse the hadoop-auth AuthenticationFilter by adding a HadoopAuthFilterInitializer.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message