[
https://issues.apache.org/jira/browse/HADOOP-8830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13603491#comment-13603491
]
Alejandro Abdelnur commented on HADOOP-8830:
--------------------------------------------
Before going into the issue, this JIRA is for Apache Hadoop, if using a CDH
release, you should use Cloudera JIRA or Cloudera support to report the problem.
Does this issue happen with an Apache release as well? The correct thing to do
would be to find out where the 2 registrations of the filter happen and get rid
of one.
> org.apache.hadoop.security.authentication.server.AuthenticationFilter might
> be called twice, causing kerberos replay errors
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-8830
> URL: https://issues.apache.org/jira/browse/HADOOP-8830
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.1-alpha
> Reporter: Moritz Moeller
>
> AuthenticationFilter.doFilter is called twice (not sure if that is
> intentional or not).
> The second time it is called the ServletRequest is already authenticated,
> i.e. httpRequest.getRemoteUser() returns non-null info.
> If the kerberos authentication is triggered a second time it'll return a
> replay attack exception.
> I solved this by adding a if (httpRequest.getRemoteUser() == null) at the
> very beginning of doFilter.
> Alternatively one can set an attribute on the request, or figure out why
> doFilter is called twice.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
