I will open a PR.
On Wed, Jul 12, 2017 at 10:07 PM, Pramod Immaneni <pra...@datatorrent.com>
wrote:
> Looks like the disable behavior is a bug, could you file a JIRA?
>
> Thanks
>
> On Wed, Jul 12, 2017 at 9:36 PM, Thomas Weise <t...@apache.org> wrote:
>
>> I'm working on a secure cluster that has authentication enabled for the
>> YARN services.
>>
>> In my Apex setup, I have:
>>
>> <property>
>>
>> <name>apex.attr.STRAM_HTTP_AUTHENTICATION</name>
>>
>> <value>DISABLE</value>
>>
>> </property>
>>
>> "DISABLE - Disable authentication for web services."
>>
>> That's not what happens though, it rather follows the Hadoop setting and
>> fails because in this case Kerberos is enabled and the keytab not
>> configured.
>>
>> I think that if a DISABLE option is advertised, then it should turn off
>> the authentication that gets inherited from the node manager environment.
>>
>> Configuration config = getConfig();
>>
>> if (SecurityUtils.isStramWebSecurityEnabled()) {
>>
>> config = new Configuration(config);
>>
>> config.set("hadoop.http.filter.initializers",
>> StramWSFilterInitializer.class.getCanonicalName());
>>
>> } else {
>>
>> if (!"simple".equals(config.get(SecurityUtils.HADOOP_HTTP_AUTH_PROP)))
>> {
>>
>> LOG.warn("Found http authentication {} but authentication was
>> disabled in Apex.",
>>
>> config.get(SecurityUtils.HADOOP_HTTP_AUTH_PROP));
>>
>> config = new Configuration(config);
>>
>> // turn off authentication for Apex as specified by user
>>
>> config.set(SecurityUtils.HADOOP_HTTP_AUTH_PROP, "simple");
>>
>> }
>>
>> }
>>
>> It will also help tremendously when warning from jetty are not swallowed
>> due to
>>
>> org.mortbay.log.Log.setLog(null);
>>
>> Otherwise there is just a "handler failed" message and the user has no
>> way to know what went wrong without hacking the Apex code?
>>
>> Thanks,
>> Thomas
>>
>>
>>
>
