[
https://issues.apache.org/jira/browse/HDFS-10860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15847657#comment-15847657
]
John Zhuge commented on HDFS-10860:
-----------------------------------
bq. Sorry should have asked this in the KMS jira. The new index.html page for
loglevel/jmx/conf/logs looks nice and handy. But how does the security work
here? Have you tested this in a kerberized environment? I tried locally in a
pseudo-authenticated setup, it seems I can read/set everything even without the
user.name= param.
/conf, /jmx, /logLevel, and /stacks do report "Authentication required" when
{{user.name}} is not specified.
/logs do not require authentication. This does not seem right, will file
another JIRA to follow up.
> Switch HttpFS from Tomcat to Jetty
> ----------------------------------
>
> Key: HDFS-10860
> URL: https://issues.apache.org/jira/browse/HDFS-10860
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: httpfs
> Affects Versions: 2.6.0
> Reporter: John Zhuge
> Assignee: John Zhuge
> Attachments: HDFS-10860.001.patch, HDFS-10860.002.patch,
> HDFS-10860.003.patch, HDFS-10860.004.patch, HDFS-10860.005.patch,
> HDFS-10860.006.patch
>
>
> The Tomcat 6 we are using will reach EOL at the end of 2017. While there are
> other good options, I would propose switching to {{Jetty 9}} for the
> following reasons:
> * Easier migration. Both Tomcat and Jetty are based on {{Servlet
> Containers}}, so we don't have to change client code that much. It would
> require more work to switch to {{JAX-RS}}.
> * Well established.
> * Good performance and scalability.
> Other alternatives:
> * Jersey + Grizzly
> * Tomcat 8
> Your opinions will be greatly appreciated.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
