hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johndee Burks (JIRA)" <>
Subject [jira] [Commented] (HIVE-14737) Problem accessing /logs in a Kerberized Hive Server 2 Web UI
Date Fri, 07 Apr 2017 18:05:42 GMT


Johndee Burks commented on HIVE-14737:

I have looked into this and the problem is the following code. 

[Code Link|]

  protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    // Do the authorization
    if (HttpServer.hasAdministratorAccess(getServletContext(), request,
        response)) {
      // Authorization is done. Just call super.
      super.doGet(request, response);

In a secure cluster HttpServer.hasAdministratorAccess will always evaluate false because of
HADOOP_SECURITY_AUTHORIZATION. The code can be seen below. 

[Code Link|]

  static boolean hasAdministratorAccess(
      ServletContext servletContext, HttpServletRequest request,
      HttpServletResponse response) throws IOException {
    Configuration conf =
        (Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE);
    // If there is no authorization, anybody has administrator access.
    if (!conf.getBoolean(
        CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
      return true;

I am fairly certain if HttpServer.hasAdministratorAccess is changed to HttpServer. isInstrumentationAccessAllowed
this would work without issue. I am looking into the implications of making this change. 

> Problem accessing /logs in a Kerberized Hive Server 2 Web UI
> ------------------------------------------------------------
>                 Key: HIVE-14737
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 1.1.0
>            Reporter: Matyas Orhidi
>            Assignee: Johndee Burks
> The /logs menu fails with error [1] when the cluster is Kerberized. Other menu items
are working properly.
> [1] HTTP ERROR: 401
> Problem accessing /logs/. Reason:
>     Unauthenticated users are not authorized to access this page.
> Powered by Jetty://

This message was sent by Atlassian JIRA

View raw message