diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterHttpServer.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterHttpServer.java
index d6a5146503..300bc072e5 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterHttpServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterHttpServer.java
@@ -88,7 +88,9 @@ protected void serviceStart() throws Exception {
 
     this.httpServer = builder.build();
 
-    NameNodeHttpServer.initWebHdfs(conf, httpAddress.getHostName(), null,
+    String httpKeytab = conf.get(DFSUtil.getSpnegoKeytabKey(conf,
+        RBFConfigKeys.DFS_ROUTER_KEYTAB_FILE_KEY));
+    NameNodeHttpServer.initWebHdfs(conf, httpAddress.getHostName(), httpKeytab,
         httpServer, RouterWebHdfsMethods.class.getPackage().getName());
 
     this.httpServer.setAttribute(NAMENODE_ATTRIBUTE_KEY, this.router);
diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/web/RouterWebHDFSContract.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/web/RouterWebHDFSContract.java
index 02e9f39a47..4e205df14a 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/web/RouterWebHDFSContract.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/fs/contract/router/web/RouterWebHDFSContract.java
@@ -55,16 +55,20 @@ public RouterWebHDFSContract(Configuration conf) {
   }
 
   public static void createCluster() throws IOException {
+    createCluster(new HdfsConfiguration());
+  }
+
+  public static void createCluster(Configuration conf) throws IOException {
     try {
-      HdfsConfiguration conf = new HdfsConfiguration();
       conf.addResource(CONTRACT_HDFS_XML);
       conf.addResource(CONTRACT_WEBHDFS_XML);
 
-      cluster = new MiniRouterDFSCluster(true, 2);
+      cluster = new MiniRouterDFSCluster(true, 2, conf);
 
       // Start NNs and DNs and wait until ready
-      cluster.startCluster();
+      cluster.startCluster(conf);
 
+      cluster.addRouterOverrides(conf);
       // Start routers with only an RPC service
       cluster.startRouters();
 
@@ -85,7 +89,7 @@ public static void createCluster() throws IOException {
       cluster.waitActiveNamespaces();
     } catch (Exception e) {
       cluster = null;
-      throw new IOException("Cannot start federated cluster", e);
+      throw new IOException(e.getCause());
     }
   }
 
diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterWithSecureStartup.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterWithSecureStartup.java
new file mode 100644
index 0000000000..7cc2c87796
--- /dev/null
+++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterWithSecureStartup.java
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.server.federation.router;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.contract.router.web.RouterWebHDFSContract;
+import org.junit.Rule;
+import org.junit.Test;
+import static org.junit.Assert.assertNotNull;
+import org.junit.rules.ExpectedException;
+import java.io.IOException;
+
+import static org.apache.hadoop.fs.contract.router.SecurityConfUtil.initSecurity;
+import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY;
+import static org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys.DFS_ROUTER_KEYTAB_FILE_KEY;
+
+
+/**
+ * Test secure router start up scenarios.
+ */
+public class TestRouterWithSecureStartup {
+
+  @Rule
+  public ExpectedException exceptionRule = ExpectedException.none();
+
+  @Test
+  public void testStartupWithoutSpnegoPrincipal() throws Exception {
+    testCluster(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY,
+        "Unable to initialize WebAppContext");
+  }
+
+  @Test
+  public void testStartupWithoutKeytab() throws Exception {
+    testCluster(DFS_ROUTER_KEYTAB_FILE_KEY,
+        "Running in secure mode, but config doesn't have a keytab");
+  }
+
+  @Test
+  public void testSuccessfulStartup() throws Exception {
+    Configuration conf = initSecurity();
+    RouterWebHDFSContract.createCluster(conf);
+    assertNotNull(RouterWebHDFSContract.getCluster());
+  }
+
+  private void testCluster(String configToTest, String message)
+      throws Exception {
+    Configuration conf = initSecurity();
+    conf.unset(configToTest);
+    exceptionRule.expect(IOException.class);
+    exceptionRule.expectMessage(message);
+    RouterWebHDFSContract.createCluster(conf);
+  }
+}