HADOOP-13693. Remove the message about HTTP OPTIONS in SPNEGO initialization message from kms audit log.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/d75cbc57 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/d75cbc57 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/d75cbc57 Branch: refs/heads/HDFS-7240 Commit: d75cbc5749808491d2b06f80506d95b6fb1b9e9c Parents: efdf810 Author: Xiao Chen <x...@apache.org> Authored: Tue Oct 18 18:24:37 2016 -0700 Committer: Xiao Chen <x...@apache.org> Committed: Tue Oct 18 18:24:59 2016 -0700 ---------------------------------------------------------------------- .../crypto/key/kms/server/KMSAuthenticationFilter.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/d75cbc57/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java index 60f1918..928a8aa 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java @@ -145,9 +145,13 @@ public class KMSAuthenticationFilter requestURL.append("?").append(queryString); } - KMSWebApp.getKMSAudit().unauthenticated( - request.getRemoteHost(), method, requestURL.toString(), - kmsResponse.msg); + if (!method.equals("OPTIONS")) { + // an HTTP OPTIONS request is made as part of the SPNEGO authentication + // sequence. We do not need to audit log it, since it doesn't belong + // to KMS context. KMS server doesn't handle OPTIONS either. + KMSWebApp.getKMSAudit().unauthenticated(request.getRemoteHost(), method, + requestURL.toString(), kmsResponse.msg); + } } } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org