Thomas Tauber-Marshall has uploaded this change for review. ( http://gerrit.cloudera.org:8080/14076
Change subject: IMPALA-8869: Fix handling of HTTP keep-alive when returning 401 ...................................................................... IMPALA-8869: Fix handling of HTTP keep-alive when returning 401 Recent work has added support for HTTP authentication both for the thrift hs2 interface and for the webserver. In both cases, we mishandle HTTP keep-alive semantics when returning a 401 because we close the connection but don't return a 'Connection: close' header, even though we're using HTTP/1.1 where keep-alive is assumed, which can cause clients to incorrectly believe that the connection has remained open. For the webserver, the fix is to enable keep-alive in squeasel so that the connection isn't closed after the 401 is returned. For the thrift hs2 interface, we throw an exception after the 401 which results in the connection being closed because otherwise it's tricky with the way thrift is structured to ensure that the unauthorized request isn't processed. So, the fix here is to return a 'Connection: close' header. Testing: - Ran existing HTTP auth tests. - Manually tested in a cluster with connections to Impala proxied through Apache Knox. Change-Id: I3d5f80dbcde5b623a1d0586b5d763a062dd21afa --- M be/src/transport/THttpServer.cpp M be/src/util/webserver.cc 2 files changed, 5 insertions(+), 1 deletion(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/76/14076/1 -- To view, visit http://gerrit.cloudera.org:8080/14076 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I3d5f80dbcde5b623a1d0586b5d763a062dd21afa Gerrit-Change-Number: 14076 Gerrit-PatchSet: 1 Gerrit-Owner: Thomas Tauber-Marshall <tmarsh...@cloudera.com>
