[ https://issues.apache.org/jira/browse/HADOOP-8830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13779484#comment-13779484 ]
Alejandro Abdelnur commented on HADOOP-8830: -------------------------------------------- I guess I'm missing something here, what would you gain by adding the cookie to the request? > org.apache.hadoop.security.authentication.server.AuthenticationFilter might > be called twice, causing kerberos replay errors > --------------------------------------------------------------------------------------------------------------------------- > > Key: HADOOP-8830 > URL: https://issues.apache.org/jira/browse/HADOOP-8830 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 2.0.1-alpha > Reporter: Moritz Moeller > > AuthenticationFilter.doFilter is called twice (not sure if that is > intentional or not). > The second time it is called the ServletRequest is already authenticated, > i.e. httpRequest.getRemoteUser() returns non-null info. > If the kerberos authentication is triggered a second time it'll return a > replay attack exception. > I solved this by adding a if (httpRequest.getRemoteUser() == null) at the > very beginning of doFilter. > Alternatively one can set an attribute on the request, or figure out why > doFilter is called twice. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira