Looks like the disable behavior is a bug, could you file a JIRA?
Thanks
On Wed, Jul 12, 2017 at 9:36 PM, Thomas Weise <t...@apache.org> wrote:
> I'm working on a secure cluster that has authentication enabled for the
> YARN services.
>
> In my Apex setup, I have:
>
> <property>
>
> <name>apex.attr.STRAM_HTTP_AUTHENTICATION</name>
>
> <value>DISABLE</value>
>
> </property>
>
> "DISABLE - Disable authentication for web services."
>
> That's not what happens though, it rather follows the Hadoop setting and
> fails because in this case Kerberos is enabled and the keytab not
> configured.
>
> I think that if a DISABLE option is advertised, then it should turn off
> the authentication that gets inherited from the node manager environment.
>
> Configuration config = getConfig();
>
> if (SecurityUtils.isStramWebSecurityEnabled()) {
>
> config = new Configuration(config);
>
> config.set("hadoop.http.filter.initializers",
> StramWSFilterInitializer.class.getCanonicalName());
>
> } else {
>
> if (!"simple".equals(config.get(SecurityUtils.HADOOP_HTTP_AUTH_PROP)))
> {
>
> LOG.warn("Found http authentication {} but authentication was
> disabled in Apex.",
>
> config.get(SecurityUtils.HADOOP_HTTP_AUTH_PROP));
>
> config = new Configuration(config);
>
> // turn off authentication for Apex as specified by user
>
> config.set(SecurityUtils.HADOOP_HTTP_AUTH_PROP, "simple");
>
> }
>
> }
>
> It will also help tremendously when warning from jetty are not swallowed
> due to
>
> org.mortbay.log.Log.setLog(null);
>
> Otherwise there is just a "handler failed" message and the user has no way
> to know what went wrong without hacking the Apex code?
>
> Thanks,
> Thomas
>
>
>
