[
https://issues.apache.org/jira/browse/HADOOP-10703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14369876#comment-14369876
]
Ryan Sasson commented on HADOOP-10703:
--------------------------------------
This patch does not fix the issue for authentication with a custom alt-kerberos
class, when browsing to the dfs file browser the console log says "Failed to
load resource: the server responded with a status of 401
(org.apache.hadoop.security.authentication.util.SignerException: Invalid
signature)" indicating that WebHDFS is not accepting the signature from the
hadoop.auth cookie issued when accessing the namenode UI.
The core of the problem is that the WebHDFS authentication filter is still
being initialized differently compared to the rest of the filters (which are
configured to be initialized with the AuthenticationFilterInitializer class).
Unifying the initialization of the WebHDFS authentication filter with the other
filters will fix this issue.
> HttpServer2 creates multiple authentication filters
> ---------------------------------------------------
>
> Key: HADOOP-10703
> URL: https://issues.apache.org/jira/browse/HADOOP-10703
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Fix For: 2.7.0
>
> Attachments: HADOOP-10703-002.patch, HADOOP-10703-003.patch,
> HADOOP-10703.patch, multiple-authenticationfilter-inits.log
>
>
> The HttpServer2.defineFilter creates a Filter instance for each context. By
> default, there are 3 contexts.
> So there will be 3 separate AuthenticationFilter instances and corresponding
> AuthenticationHandler instances. This also results in 3 separate
> initializations of AuthenticationHandler.
> The log file illustrating this repeated initialization is attached.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
