hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haohui Mai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10301) AuthenticationFilter should return Forbidden for failed authentication
Date Sun, 23 Mar 2014 04:36:45 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13944327#comment-13944327
] 

Haohui Mai commented on HADOOP-10301:
-------------------------------------

The patch generally looks good to me.

My concern is on the testing side. The change is going to affect all downstream projects in
secure set ups. Given the fact that 2.4 is coming up pretty soon, I wonder, is it a good idea
to put it in at the last minute? It seems to me that there is insufficient time to test it
in the 2.4 timeframe, which might break downstream projects like Oozie unexpectedly.

Since we have move it as a blocker from 2.3 to 2.4, is it okay to move it to 2.5? More precisely,
we can continue to make progress on this patch, but commit it only to branch-2 for now. That
way this change will be extensively tested in the 2.5 timeframe, and leave the downstream
projects enough time to fix any bugs if they occur.

> AuthenticationFilter should return Forbidden for failed authentication
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-10301
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10301
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-10301.branch-23.patch, HADOOP-10301.branch-23.patch, HADOOP-10301.patch,
HADOOP-10301.patch, HADOOP-10301.patch
>
>
> The hadoop-auth AuthenticationFilter returns a 401 Unauthorized without a WWW-Authenticate
headers.  The is illegal per the HTTP RPC and causes a NPE in the HttpUrlConnection.
> This is half of a fix that affects webhdfs.  See HDFS-4564.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message