[ https://issues.apache.org/jira/browse/HDFS-5796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14319269#comment-14319269 ]

Haohui Mai commented on HDFS-5796:
----------------------------------

bq. That is incorrect. Permissions are checked as dr.who username. What version 
are you observing this in specifically? That has never been the behaviour in 
any Apache release I've known since 0.20.2.

Thanks for the clarification. I just checked the code and you're right. Now I 
understand where you're coming from.

However, I think it is a bad idea to add it into the filter. Does it make sense 
to just modify the UI to issue a `GET_DELEGATION_TOKEN` call to get a token 
before browsing the filesystem?

> The file system browser in the namenode UI requires SPNEGO.
> -----------------------------------------------------------
>
>                 Key: HDFS-5796
>                 URL: https://issues.apache.org/jira/browse/HDFS-5796
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.5.0
>            Reporter: Kihwal Lee
>            Assignee: Arun Suresh
>         Attachments: HDFS-5796.1.patch, HDFS-5796.1.patch, HDFS-5796.2.patch, 
> HDFS-5796.3.patch, HDFS-5796.3.patch
>
>
> After HDFS-5382, the browser makes webhdfs REST calls directly, requiring 
> SPNEGO to work between user's browser and namenode.  This won't work if the 
> cluster's security infrastructure is isolated from the regular network.  
> Moreover, SPNEGO is not supposed to be required for user-facing web pages.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
