[jira] [Commented] (HDFS-5661) Browsing FileSystem via web ui, should use datanode's hostname instead of ip address

Sat, 14 Dec 2013 12:05:51 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-5661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13848440#comment-13848440
 ] 

Haohui Mai commented on HDFS-5661:
----------------------------------

bq. AuthFilter.java is used only for webhdfs. While accessing JSP files, 
AuthenticationFilter is used and AuthenticationFilter does not use 
delegationToken.

All meaningful JSP on the datadode server (i.e., tail / browseBlock / 
browseDirectory) accesses the HDFS. You cannot proceed without a delegation 
token.

If you are able to access it without a DT, this is a security vulnerability and 
please file a jira to report it.

bq. Note that the use of IP address while generating redirectURL was introduced 
with HDFS-5307. It used to be fqdn before.

It calls {{InetSocketAddress#getCanonicalHostName()}} internally. It is broken 
when the machine have multiple DNS names.

Popping up one level, can you please restate what you are trying to achieve? 
The old UI is no longer under active development, it may be deprecated or 
removed at some point. It may be worthwhile to spend the time of migrating to 
the new UI.

> Browsing FileSystem via web ui, should use datanode's hostname instead of ip 
> address
> ------------------------------------------------------------------------------------
>
>                 Key: HDFS-5661
>                 URL: https://issues.apache.org/jira/browse/HDFS-5661
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.2.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HDFS-5661.patch
>
>
> If authentication is enabled on the web ui, then a cookie is used to keep 
> track of the authentication information. There is normally a domain 
> associated with the cookie. Since ip address doesn't have any domain , the 
> cookie will not be sent by the browser while making http calls with ip 
> address as the destination server.
> This will break browsing files system via web ui , if authentication is 
> enabled.
> Browsing FileSystem via web ui, should use datanode's hostname instead of ip 
> address. 



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Reply via email to