xiaozhch5 commented on issue #3791: URL: https://github.com/apache/incubator-kyuubi/issues/3791#issuecomment-1308448107
> It does not sound like a Kyuubi side issue, and I'm even not sure if it's a bug or caused by the wrong usage. The 401 response indicates that there are some issues with authentication/authorization. > > * have you checked the Ranger server log? > * what are your configurations of each component? It may be a configuration isssue in configing Kyuubi Spark AuthZ Plugin. At presenet, according to the instroduction of the document in "https://kyuubi.apache.org/docs/latest/security/authorization/spark/install.html#ranger-spark-security-xml";, the property of 'ranger.plugin.spark.policy.source.impl' is set to 'org.apache.ranger.admin.client.RangerAdminRESTClient'.  When spark sync the hive policy from Ranger Admin, it shoud use the username and password to authenticate the url http://ranger-admin.org:6080. But by default, if the property of 'ranger.plugin.spark.policy.source.impl' is set to 'org.apache.ranger.admin.client.RangerAdminRESTClient'. It doesn't authenticate with username and password. Therefore, I got the 401 response. So, I change some code of 'org.apache.ranger.admin.client.RangerAdminRESTClient', and pass username and password to it so that spark can successful sync the policy from Ranger Admin and pass the authentication of the url of http://ranger-admin.org:6080. Maybe the instroduction of the document in "https://kyuubi.apache.org/docs/latest/security/authorization/spark/install.html#ranger-spark-security-xml"; is not so complete? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
