You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Pan Yuxuan (JIRA)" <ji...@apache.org> on 2017/03/01 02:18:45 UTC

[jira] [Commented] (HBASE-17701) Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web ui

    [ https://issues.apache.org/jira/browse/HBASE-17701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15889348#comment-15889348 ] 

Pan Yuxuan commented on HBASE-17701:
------------------------------------

[~elserj] [~jerryhe]
Thanks for your remind of the JIRA HBASE-5291.
But I don't think they are the same. HBASE-5291 only support kerberos authentication, but in hadoop-auth, there are some other kinds of anthentication, such as token.
If HBase uses AuthenticationFilter, HBase will load the hadoop.http.authentication.* configurations from core-site.xml, in that way, the HBase ui can be authenticated by the way hadoop does. 

> Add HadoopAuthFilterInitializer to use hadoop-auth AuthenticationFilter for hbase web ui
> ----------------------------------------------------------------------------------------
>
>                 Key: HBASE-17701
>                 URL: https://issues.apache.org/jira/browse/HBASE-17701
>             Project: HBase
>          Issue Type: Improvement
>          Components: UI
>    Affects Versions: 1.2.4
>            Reporter: Pan Yuxuan
>         Attachments: HBASE-17701.v1.patch
>
>
> The HBase web UI is none secure by default, there is only one StaticUserWebFilter for a fake user.
> For Hadoop, we already have AuthenticationFilter for web authentication based on token or kerberos. So I think hbase can reuse the hadoop-auth AuthenticationFilter by adding a HadoopAuthFilterInitializer.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)