Re: [PR] HDDS-13344. Fix ProxyUserAuthenticationFilter addition in HttpServer2 [ozone]

Tue, 26 Aug 2025 15:38:46 -0700 


dombizita commented on PR #8710:
URL: https://github.com/apache/ozone/pull/8710#issuecomment-3225944451

   > Instead of trying to duplicate the logic from 
`AuthenticationFilterInitializer` and `ProxyUserAuthenticationFilter`, we could 
simply create a copy of the configuration and set the properties that these 
initializers expect.
   > 
   > ```diff
   > diff --git 
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
 
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
   > index 4b9f628223..a86d3c8cfb 100644
   > --- 
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
   > +++ 
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
   > @@ -645,13 +645,13 @@ private void initializeWebServer(Builder builder) 
throws IOException {
   >            
LegacyHadoopConfigurationSource.asHadoopConfiguration(builder.conf);
   >        Map<String, String> filterConfig = getFilterConfigMap(hadoopConf,
   >            builder.authFilterConfigurationPrefix);
   > +      // create copy of the config with each <prefix>.<key> also added as 
hadoop.http.authentication.<key>
   > +      // (getFilterConfigMap removes prefix)
   > +      OzoneConfiguration copy = new OzoneConfiguration(hadoopConf);
   > +      filterConfig.forEach((k, v) -> 
copy.set("hadoop.http.authentication." + k, v));
   > +
   >        for (FilterInitializer c : initializers) {
   > -        if ((c instanceof AuthenticationFilterInitializer) && 
builder.securityEnabled) {
   > -          addFilter("authentication",
   > -              AuthenticationFilter.class.getName(), filterConfig);
   > -        } else {
   > -          c.initFilter(this, hadoopConf);
   > -        }
   > +        c.initFilter(this, copy);
   >        }
   >      }
   >  
   > ```
   > 
   > What do you think?
   
   Thanks for the review @adoroszlai! Overall it's a similar way to do it, but 
while testing your suggestion I found that my implementation with the usage of 
`addFilter()` won't call the `getFilterConfigMap` method properly (with the 
impersonation configs in place), so it's better to go with your suggestion! I 
updated my patch accordingly. 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to