I don't think this is actually what you want to do.

First, JWTRedirectAuthenticationHandler is not a Servlet Filter; it is a
Hadoop-specific handler that plugs into the AuthenticationFilter - you may
be able to use that, but I don't really think that is preferred.

You are better off proxying access to Livy through Knox.
In order to do that, you will need Kerberos + doas enabled for Livy and
Knox configured as a proxyuser.

You will then need to include LIVY in the topology that is protecting your
UIs with the SSOCookieProvider.


On Fri, Jun 30, 2023 at 8:23 AM Поротиков Станислав Вячеславович via user <
user@livy.apache.org> wrote:

> Hello!
> I'm trying to use a custom auth filter to get the Livy UI through Knox.
>
> I have set up a kerberized Hadoop cluster and several UIs as described here:
>
> https://knox.apache.org/books/knox-1-6-0/user-guide.html#Hadoop+Configuration+Example
>
> Livy settings:
>
> livy.server.auth.type = KnoxSSO
> livy.server.auth.KnoxSSO.class = org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler
> livy.server.auth.KnoxSSO.param.authentication.provider.url = https://${KNOX_DOMAIN}/gateway/knoxsso/api/v1/websso
> livy.server.auth.KnoxSSO.param.public.key.pem = "${KNOX_CLIENT_TRUST_CERT}"
>
> I have copied the jar file hadoop-auth-3.3.3.jar with the
> JWTRedirectAuthenticationHandler implementation to the ${LIVY_HOME}/jars dir
> and started the Livy server.
>
> But I get an error:
>
> INFO InteractiveSessionManager: Heartbeat watchdog thread started.
> INFO LivyServer: KnoxSSO auth enabled
> Exception in thread "main" MultiException[java.lang.IllegalStateException: class org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler is not a javax.servlet.Filter, java.lang.IllegalStateException: class org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler is not a javax.servlet.Filter]
>         at org.eclipse.jetty.server.Server.doStart(Server.java:391)
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>         at org.apache.livy.server.WebServer.start(WebServer.scala:108)
>         at org.apache.livy.server.LivyServer.start(LivyServer.scala:317)
>         at org.apache.livy.server.LivyServer$.main(LivyServer.scala:423)
>         at org.apache.livy.server.LivyServer.main(LivyServer.scala)
> Caused by: MultiException[java.lang.IllegalStateException: class org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler is not a javax.servlet.Filter, java.lang.IllegalStateException: class org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler is not a javax.servlet.Filter]
>         at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:863)
>         at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:349)
>         at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:778)
>         at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:262)
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:113)
>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
>         at org.eclipse.jetty.server.Server.start(Server.java:427)
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
>         at org.eclipse.jetty.server.Server.doStart(Server.java:394)
>         ... 5 more
>         Suppressed: java.lang.IllegalStateException: class org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler is not a javax.servlet.Filter
>                 at org.eclipse.jetty.servlet.FilterHolder.doStart(FilterHolder.java:99)
>                 at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>                 at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:909)
>                 ... 18 more
> Caused by: java.lang.IllegalStateException: class org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler is not a javax.servlet.Filter
>         at org.eclipse.jetty.servlet.FilterHolder.doStart(FilterHolder.java:99)
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>         at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:872)
>         ... 18 more
>
> Can you help me with how to pass a custom auth filter properly?
>
> Best regards,
> Stanislav Porotikov
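
A sketch of the setup the reply describes, added here as an illustration and not taken from the thread or from either project's documentation: a Knox topology that protects Livy with the SSOCookieProvider, with the matching livy.conf lines in the leading comment. Host names, realm, keytab path and the `knox` service user are placeholders; reading "doas" as `livy.impersonation.enabled` and "proxyuser" as `livy.superusers` is an assumption, and `LIVYSERVER` is the role name of Knox's bundled Livy service definition.

```xml
<!--
  Added example; hosts, realm, keytab path and port are placeholders.
  livy.conf on the Livy host (Kerberos + impersonation, Knox trusted to impersonate):
    livy.server.auth.type = kerberos
    livy.server.auth.kerberos.principal = HTTP/livy-host.example.com@EXAMPLE.COM
    livy.server.auth.kerberos.keytab = /etc/security/keytabs/spnego.service.keytab
    livy.impersonation.enabled = true
    livy.superusers = knox
  Note: no livy.server.auth.<name>.class entry is set, so Jetty is never asked
  to load a class that is not a javax.servlet.Filter.
-->
<topology>
  <gateway>
    <!-- Accept the KnoxSSO cookie; send unauthenticated browsers to KnoxSSO -->
    <provider>
      <role>federation</role>
      <name>SSOCookieProvider</name>
      <enabled>true</enabled>
      <param>
        <name>sso.authentication.provider.url</name>
        <value>https://knox-host.example.com:8443/gateway/knoxsso/api/v1/websso</value>
      </param>
    </provider>
    <!-- Assert the authenticated user to the backend as the effective user -->
    <provider>
      <role>identity-assertion</role>
      <name>Default</name>
      <enabled>true</enabled>
    </provider>
  </gateway>
  <!-- Livy is reached only through Knox; Knox authenticates to it with Kerberos -->
  <service>
    <role>LIVYSERVER</role>
    <url>http://livy-host.example.com:8998</url>
  </service>
</topology>
```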