[ https://issues.apache.org/jira/browse/HDFS-14525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16852267#comment-16852267 ]
Prabhu Joseph commented on HDFS-14525: -------------------------------------- bq. You actually want a secure cluster to accept anonymous users? Why do you even have security enabled? Then why we have a separate config hadoop.http.authentication.simple.anonymous.allowed which adds complexity in testing all the scenarios while making new changes. Yes the proposed change is wrong. I think the below will work. {code} UserGroupInformation.isSecurityEnabled() && !conf.get(hadoop.http.authentication.type).equals("simple") {code} > JspHelper ignores hadoop.http.authentication.type > ------------------------------------------------- > > Key: HDFS-14525 > URL: https://issues.apache.org/jira/browse/HDFS-14525 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs > Affects Versions: 3.2.0 > Reporter: Prabhu Joseph > Priority: Major > > On Secure Cluster With hadoop.http.authentication.type simple and > hadoop.http.authentication.anonymous.allowed is true, WebHdfs Rest Api fails > when user.name is not set. It runs fine if user.name=ambari-qa is set.. > {code} > [knox@pjosephdocker-1 ~]$ curl -sS -L -w '%{http_code}' -X GET -d '' -H > 'Content-Length: 0' --negotiate -u : > 'http://pjosephdocker-1.openstacklocal:50070/webhdfs/v1/services/sync/yarn-ats?op=GETFILESTATUS' > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: java.io.IOException: Security enabled but > user not authenticated by filter"}}403[knox@pjosephdocker-1 ~]$ > {code} > JspHelper#getUGI checks UserGroupInformation.isSecurityEnabled() instead of > conf.get(hadoop.http.authentication.type).equals("kerberos") to check if Http > is Secure causing the issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org