[
https://issues.apache.org/jira/browse/HADOOP-10301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13944327#comment-13944327
]
Haohui Mai commented on HADOOP-10301:
-------------------------------------
The patch generally looks good to me.
My concern is on the testing side. The change is going to affect all downstream
projects in secure set ups. Given the fact that 2.4 is coming up pretty soon, I
wonder, is it a good idea to put it in at the last minute? It seems to me that
there is insufficient time to test it in the 2.4 timeframe, which might break
downstream projects like Oozie unexpectedly.
Since we have move it as a blocker from 2.3 to 2.4, is it okay to move it to
2.5? More precisely, we can continue to make progress on this patch, but commit
it only to branch-2 for now. That way this change will be extensively tested in
the 2.5 timeframe, and leave the downstream projects enough time to fix any
bugs if they occur.
> AuthenticationFilter should return Forbidden for failed authentication
> ----------------------------------------------------------------------
>
> Key: HADOOP-10301
> URL: https://issues.apache.org/jira/browse/HADOOP-10301
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-10301.branch-23.patch,
> HADOOP-10301.branch-23.patch, HADOOP-10301.patch, HADOOP-10301.patch,
> HADOOP-10301.patch
>
>
> The hadoop-auth AuthenticationFilter returns a 401 Unauthorized without a
> WWW-Authenticate headers. The is illegal per the HTTP RPC and causes a NPE
> in the HttpUrlConnection.
> This is half of a fix that affects webhdfs. See HDFS-4564.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
