[
https://issues.apache.org/jira/browse/HBASE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15895259#comment-15895259
]
Josh Elser commented on HBASE-17701:
------------------------------------
bq. If HBase uses AuthenticationFilter, HBase will load the
hadoop.http.authentication.* configurations from core-site.xml, in that way,
the HBase ui can be authenticated by the way hadoop does.
I don't think we want to tie HBase to the same configuration properties that
Hadoop uses. That seems very brittle as we require Hadoop's configuration files
on the classpath. I would think that we would want our own configuration
properties.
Anyways, if you can be more specific about the kind of authentication you think
is missing (I don't know what token authentication means at a glance), and
write some tests to show it working, that would be a good addition.
> Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for
> hbase web ui
> ----------------------------------------------------------------------------------------
>
> Key: HBASE-17701
> URL: https://issues.apache.org/jira/browse/HBASE-17701
> Project: HBase
> Issue Type: Improvement
> Components: UI
> Affects Versions: 1.2.4
> Reporter: Pan Yuxuan
> Attachments: HBASE-17701.v1.patch
>
>
> The HBase web UI is none secure by default, there is only one
> StaticUserWebFilter for a fake user.
> For Hadoop, we already have AuthenticationFilter for web authentication based
> on token or kerberos. So I think hbase can reuse the hadoop-auth
> AuthenticationFilter by adding a HadoopAuthFilterInitializer.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
