Hello All, Any suggestion on how to disable HTTP authentication for Kerberosed storm cluster, thanks
Regards, Prakash R On Fri, Jan 12, 2018 at 8:51 AM, prakash r <rprakashd...@gmail.com> wrote: > Hello All, > > We have configured Ranger plugin for Storm authorization and its kerberos > cluster. > > We have disabled by HTTP authentication, by changing the configuration > ui.filter as null > > We can able to view the UI, but if we send any request request like > getTopology, its failing (as the user is considered as null) > > *Curl Output :* > > HTTP/1.1 500 Server Error > Date: Thu, 11 Jan 2018 21:42:45 GMT > Cache-Control: no-cache, no-store > Content-Type: application/json;charset=utf-8 > Content-Length: 5459 > Server: Jetty(7.x.y-SNAPSHOT) > > {"error":"Internal Server Error","errorMessage":"AuthorizationException(msg:UI > request 'getTopology' for 'unknown' user is not authorized)\n\tat > org.apache.storm.ui.core$assert_authorized_user.invoke(core.clj:109)\n\tat > org.apache.storm.ui.core$fn__10090.invoke(core.clj:1060) > > > *Storm Log :* > > 2018-01-12 08:42:45.723 o.a.r.a.s.a.RangerStormAuthorizer qtp192318053-37 > [INFO] NULL User found from principal [null]: Skipping authorization; > allowedFlag => [false], Audit Enabled:false > 2018-01-12 08:42:45.723 o.a.r.a.s.a.RangerStormAuthorizer qtp192318053-37 > [DEBUG] [req 4] Access from: [null] user: [null], op: > [getTopology],topology: [crowdstrike] => returns [false], Audit > Enabled:false > 2018-01-12 08:42:45.723 o.a.r.p.c.RangerPluginClassLoader qtp192318053-37 > [DEBUG] ==> RangerPluginClassLoader.deactivate() > 2018-01-12 08:42:45.723 o.a.r.p.c.RangerPluginClassLoader qtp192318053-37 > [DEBUG] <== RangerPluginClassLoader.deactivate() > 2018-01-12 08:42:45.723 o.a.r.a.s.a.RangerStormAuthorizer qtp192318053-37 > [DEBUG] <== RangerStormAuthorizer.permit() > 2018-01-12 08:42:45.724 o.a.s.s.o.e.j.s.Server qtp192318053-37 [DEBUG] > RESPONSE /api/v1/topology/crowdstrike-2-1508896804 500 handled=true > > > > If we configure ui.filter: "org.apache.hadoop.security. > authentication.server.AuthenticationFilter" > > The curl output is as expected, we dont get any authorization failure. > > We want to disable UI authentication. > > Are we doing any mistake over here, is there anyway to avoid this issue, > please suggest, thanks > > > Regards, > Prakash R >