hadoop-hdfs-issues mailing list archives

From "Haohui Mai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4564) Webhdfs returns incorrect http response codes for denied operations
Date Fri, 28 Mar 2014 20:55:21 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13951371#comment-13951371 ]

Haohui Mai commented on HDFS-4564:
----------------------------------

bq. Since the server no longer erroneously returns 401, the only time a 401 is returned is
by the auth filter. The filter has no knowledge of the servlet so json is not returned. Not
special casing the 401 causes validateResponse to call jsonParse which blows up because the
content-type isn't json.

Correct me if I'm wrong, but it looks like the following code handles the case you mentioned.
{code}
      try {
        m = jsonParse(conn, true);
      } catch(Exception e) {
        throw new IOException("Unexpected HTTP response: code=" + code + " != "
            + op.getExpectedHttpResponseCode() + ", " + op.toQueryString()
            + ", message=" + conn.getResponseMessage(), e);
      }
{code}

bq. ensureTokenInitialized is for the internal implicit token which is unrelated. Checking
the TGT is necessary for explicitly getting, renewing, or canceling a token.

It looks to me that it should be done in the {{AuthenticatedURL}} class, not in webhdfs.

Popping up one level, given the fact that HADOOP-10301 has reached consensus, I wonder
why this is a blocker for 2.4. Frankly, I'm still unclear what is broken and what is supposed
to be fixed by this patch...

> Webhdfs returns incorrect http response codes for denied operations
> -------------------------------------------------------------------
>
>                 Key: HDFS-4564
>                 URL: https://issues.apache.org/jira/browse/HDFS-4564
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: webhdfs
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HDFS-4564.branch-23.patch, HDFS-4564.branch-23.patch, HDFS-4564.branch-23.patch, HDFS-4564.patch, HDFS-4564.patch
>
>
> Webhdfs is returning 401 (Unauthorized) instead of 403 (Forbidden) when it's denying
> operations.  Examples include rejecting invalid proxy user attempts and renew/cancel with
> an invalid user.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
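
Added example, not part of the original message and not Hadoop's code: an illustration of the distinction the thread turns on, where a 401 written by the authentication filter carries no JSON body while a 403 from the servlet carries a JSON RemoteException. The class and method names are hypothetical, the sample responses are constructed, and the regex stands in for a real JSON parser.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ResponseCheckExample {
    // Simplified extraction of RemoteException.message; a real client would use a JSON parser.
    private static final Pattern MESSAGE =
        Pattern.compile("\"message\"\\s*:\\s*\"((?:[^\"\\\\]|\\\\.)*)\"");

    /** Hypothetical helper: returns normally only when the status code is the expected one. */
    static void validate(int code, int expected, String contentType, String body)
            throws IOException {
        if (code == expected) {
            return;
        }
        boolean isJson = contentType != null
            && contentType.toLowerCase(Locale.ROOT).startsWith("application/json");
        if (!isJson) {
            // e.g. a 401 written by the authentication filter: there is no JSON to parse.
            throw new IOException("Unexpected HTTP response: code=" + code
                + " != " + expected + ", non-JSON content-type=" + contentType);
        }
        Matcher m = MESSAGE.matcher(body);
        String msg = m.find() ? m.group(1) : "(no message field)";
        if (code == 403) {
            // Caller is authenticated, but the servlet denied the operation.
            throw new SecurityException(msg);
        }
        throw new IOException("code=" + code + ": " + msg);
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from a real cluster.
        String[][] samples = {
            {"401", "text/html", "<html>Authentication required</html>"},
            {"403", "application/json",
             "{\"RemoteException\":{\"exception\":\"SecurityException\","
             + "\"message\":\"Constructed: user is not allowed to impersonate\"}}"},
        };
        for (String[] s : samples) {
            try {
                validate(Integer.parseInt(s[0]), 200, s[1], s[2]);
            } catch (IOException | SecurityException e) {
                System.out.println(s[0] + " -> " + e.getClass().getSimpleName()
                    + ": " + e.getMessage());
            }
        }
    }
}
```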
