apache
[Improvement] RESTful API supports isolated authentication configuration
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
Search before asking
- [X] I have searched in the issues and found no similar issues.
What would you like to be improved?
kyuubi restful api uses the authentication method set by the kyuubi.authentication parameter, but sometimes users do not want to enable the authentication for restful api.
When kyuubi.authentication=KERBEROS, but kyuubi.spnego.xxx not set, an error will be reported, and http requests for "/api/v1" will fail.
WARN main org.apache.kyuubi.server.http.authentication.AuthenticationFilter: The authentication handler KerberosAuthenticationHandler for scheme NEGOTIATE is not supported.
Should we add a configuration parameter like
kyuubi.restful.authentication to control whether the restful api enables authentication?
How should we improve?
add a configuration parameter to supports restful api control authentication isolated.
Are you willing to submit PR?
- [X] Yes. I would be willing to submit a PR with guidance from the Kyuubi community to improve.
- [ ] No. I cannot submit a PR at this time.
I know the pain of Kerberos/SPNEGO for both user and administrator, as a workaround, it's allowed to configure multi-values on kyuubi.authentication, for example,
kyuubi.authentication=KERBEROS,LDAP
and even
kyuubi.authentication=KERBEROS,NONE
kyuubi.authentication=KERBEROS,NONE
look like kyuubi.authentication=KERBEROS,NONE can solve my problem, does NONE only work on restful api?
It also affects THRIFT-BINARY API.
Maybe in some scenarios we just want to turn off the authentication of restful api?
makes sense, u are welcome to have a try, but such a part is a little bit complex :)