Hello,
We were trying to enable spark-history UI authentication through keycloak.
>From the spark documentation we found out that we can use javax filters to
enable the UI authentication. Keycloak already provides a java
keycloak-servlet-filter-adapter which can be used.
I have added the following configuration in spark-defaults.conf
spark.ui.filters org.keycloak.adapters.servlet.KeycloakOIDCFilter
spark.org.keycloak.adapters.servlet.KeycloakOIDCFilter.param.keycloak.config.file
/home/ag/spark-2.4.0-bin-2.7.3/conf/keycloak.json
I was facing the below issue while running
java.lang.IllegalStateException: No SessionManager
at
org.spark_project.jetty.server.Request.getSession(Request.java:1544)
at
org.keycloak.adapters.servlet.FilterSessionStore.saveRequest(FilterSessionStore.java:374)
This was because none of the ServletContext in spark-history has
sessionManangment. I have made the below changes
1. Added Session id manager in JettyUtils.scala
server.setSessionIdManager(new HashSessionIdManager())
1. Added session handler for all context -
contextHandler.setSessionHandler(new SessionHandler())
in
* JettyUtils.scala - at createServletHandler, createStaticHandler and
createProxyHandler
* HistoryServer.scala - at initialize for /history context
* ApiRootResource.scala - at getServletHandler for /api context.
1. Placed required Keycloak runtime jars in spark class-path.
Keycloak authentication seems to work, Is this the right approach ? If it is
fine I can submit a PR.
@Vanzin I saw that you have done some refactoring in spark UI code, in
https://github.com/apache/spark/pull/23302 can you please suggest some inputs.
Thanks and Regards,
Ajay G