[
https://issues.apache.org/jira/browse/HDFS-4564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13951379#comment-13951379
]
Jing Zhao commented on HDFS-4564:
---------------------------------
bq. I'm scrambling to get production hardening of webhdfs (more jiras to
follow) before the summit so can I move it in a later jira?
Sure. I'm fine with it.
bq. Checking the TGT is necessary for explicitly getting, renewing, or
canceling a token.
The current code also covers this for explicitly getting, renewing, or
canceling a token. Your patch changes this part and pass false to the url
factory so it bypasses the use of authenticated url (per your comments in
HADOOP-10301). Could you give more details how it works without using the
authenticated url?
> Webhdfs returns incorrect http response codes for denied operations
> -------------------------------------------------------------------
>
> Key: HDFS-4564
> URL: https://issues.apache.org/jira/browse/HDFS-4564
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: webhdfs
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HDFS-4564.branch-23.patch, HDFS-4564.branch-23.patch,
> HDFS-4564.branch-23.patch, HDFS-4564.patch, HDFS-4564.patch
>
>
> Webhdfs is returning 401 (Unauthorized) instead of 403 (Forbidden) when it's
> denying operations. Examples including rejecting invalid proxy user attempts
> and renew/cancel with an invalid user.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
