Failed to Download Authentication Credentials If the Username Is Too Long

Issue

In MRS clusters 3.0.2 to 3.1.0, a maximum of 32 characters are allowed in the username when a user is added. However, if the username contains more than 20 characters, the user fails to download the Keytab file, and status code "400 Bad Request" is displayed.

Symptom

In MRS clusters 3.0.2 to 3.1.0, a maximum of 32 characters are allowed in the username when a user is added. However, if the username contains more than 20 characters, the user fails to download the Keytab file, and status code "400 Bad Request" is displayed.

Cause Analysis

The validate-common-config.xml, validate-rule-session.xml, and validate-rule-user.xml configuration files in the /opt/Bigdata/om-server_*/apache-tomcat-*/webapps/web/WEB-INF/validate directory of the master node are incorrect and need to be modified.

Procedure

1. Log in to the master node as user omm and switch to the /opt/Bigdata/om-server_*/apache-tomcat-*/webapps/web/WEB-INF/validate directory.

   cd /opt/Bigdata/om-server_*/apache-tomcat-*/webapps/web/WEB-INF/validate

2. Modify the validate-common-config.xml file.

   vi validate-common-config.xml

   Change the maxLength value of the username from 32 to 64.

    <!-- Username -->
    <validators alias="USER_NAME">
           <validator name="RANGE_LENGTH_VALIDATOR" minLength="3"
               maxLength="64" />
           <validator name="REGEXP_VALIDATOR" rule="^[_a-zA-Z0-9\- ]+$" 
    </validators>

3. Modify the validate-rule-session.xml file.

   vi validate-rule-session.xml

   Change the rule value from 20 to 64.

     <!-- Download the credentials of the current user -->
     <param_validator url="/api/v2/session/user/keytab/download" method="get" errorHandler="com.huawei.bigdata.om.web.api.validate.SpecialValidatorErrorHandler" dataPattern="form">
                   <!-- Parameter name: File name -->
                   <!--Validation rule: userName_13-digit number_keytab.tar; case sensitive-->
                   <parameter name="file_name" required="true" errorKey="13-4000005" errorMessage="RESID_OM_API_SESSION_0013">
                           <validator name="REGEXP_VALIDATOR" rule="[\-\w ]{3,64}_\d{13}_keytab\.tar" caseSensitive="true" />
     </parameter>

4. Modify the validate-rule-user.xml file.

   vi validate-rule-user.xml

   Change the rule value from 20 to 64.

    <!--Download the user credentials  -->
       <param_validator url="/api/v2/permission/users/keytab/download" method="get" errorHandler="com.huawei.bigdata.om.web.api.validate.SpecialValidatorErrorHandler" dataPattern="form">
                <!--Mandatory; userName_13-digit number_keytab.tar; case sensitive-->
                <parameter name="file_name" required="true" errorKey="12-4000005" errorMessage="RESID_OM_API_AUTHORITY_0005">
                        <validator name="REGEXP_VALIDATOR" rule="[\-\w ]{3,64}_\d{13}_keytab\.tar" caseSensitive="true" />
                </parameter>
        </param_validator>

5. Restart Tomcat and wait until the startup is successful.
   1. Run the following command as user omm to query the PID of the Tomcat process:

      ps -ef|grep apache-tomcat

   2. Run the kill -9 PID command to forcibly stop the specified Tomcat process. For example:

      kill -9 1203

   3. Run the following command to restart Tomcat:

      sh ${BIGDATA_HOME}/om-server/tomcat/bin/startup.sh

6. Download the authentication credentials again.