[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15189817#comment-15189817 ] Li Lu commented on HADOOP-12906: Patch LGTM. +1. Will commit shortly. > AuthenticatedURL translates a 404/Not Found into an AuthenticationException. > It isn't > - > > Key: HADOOP-12906 > URL: https://issues.apache.org/jira/browse/HADOOP-12906 > Project: Hadoop Common > Issue Type: Bug > Components: io, security >Affects Versions: 2.8.0 >Reporter: Steve Loughran >Assignee: Steve Loughran >Priority: Minor > Attachments: HADOOP-12906-001.patch > > > If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an > exception saying you are unauthed. > It's not checking the response code; 404 is an error all of its own, which > can be uprated as a FileNotFound Exception. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15186903#comment-15186903 ] Steve Loughran commented on HADOOP-12906: - failure unrelated; although no tests in the hadoop code, I have clearly demonstrated something downstream > AuthenticatedURL translates a 404/Not Found into an AuthenticationException. > It isn't > - > > Key: HADOOP-12906 > URL: https://issues.apache.org/jira/browse/HADOOP-12906 > Project: Hadoop Common > Issue Type: Bug > Components: io, security >Affects Versions: 2.8.0 >Reporter: Steve Loughran >Assignee: Steve Loughran >Priority: Minor > Attachments: HADOOP-12906-001.patch > > > If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an > exception saying you are unauthed. > It's not checking the response code; 404 is an error all of its own, which > can be uprated as a FileNotFound Exception. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15186203#comment-15186203 ] Mingliang Liu commented on HADOOP-12906: Understood. Thanks for the explanation (and the patch). > AuthenticatedURL translates a 404/Not Found into an AuthenticationException. > It isn't > - > > Key: HADOOP-12906 > URL: https://issues.apache.org/jira/browse/HADOOP-12906 > Project: Hadoop Common > Issue Type: Bug > Components: io, security >Affects Versions: 2.8.0 >Reporter: Steve Loughran >Priority: Minor > Attachments: HADOOP-12906-001.patch > > > If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an > exception saying you are unauthed. > It's not checking the response code; 404 is an error all of its own, which > can be uprated as a FileNotFound Exception. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15186121#comment-15186121 ] Hadoop QA commented on HADOOP-12906: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 17s {color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green} The patch does not contain any @author tags. {color} | | {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s {color} | {color:red} The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 9m 3s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 11m 57s {color} | {color:green} trunk passed with JDK v1.8.0_74 {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 9m 36s {color} | {color:green} trunk passed with JDK v1.7.0_95 {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 17s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 27s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 18s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 0m 38s {color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 19s {color} | {color:green} trunk passed with JDK v1.8.0_74 {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 16s {color} | {color:green} trunk passed with JDK v1.7.0_95 {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 20s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 11m 41s {color} | {color:green} the patch passed with JDK v1.8.0_74 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 11m 41s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 8m 49s {color} | {color:green} the patch passed with JDK v1.7.0_95 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 8m 49s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 15s {color} | {color:green} hadoop-common-project/hadoop-auth: patch generated 0 new + 21 unchanged - 2 fixed = 21 total (was 23) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 21s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 14s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color} | {color:green} Patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 0m 45s {color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 16s {color} | {color:green} the patch passed with JDK v1.8.0_74 {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 14s {color} | {color:green} the patch passed with JDK v1.7.0_95 {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 13m 54s {color} | {color:red} hadoop-auth in the patch failed with JDK v1.8.0_74. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 14m 22s {color} | {color:green} hadoop-auth in the patch passed with JDK v1.7.0_95. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 23s {color} | {color:green} Patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 85m 54s {color} | {color:black} {color} | \\ \\ || Reason || Tests || | JDK v1.8.0_74 Failed junit tests | hadoop.security.authentication.util.TestZKSignerSecretProvider | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:0ca8df7 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12792077/HADOOP-12906-001.patch | | JIRA Issue | HADOOP-12906 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle | | uname | Linux
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185843#comment-15185843 ] Steve Loughran commented on HADOOP-12906: - I thought of a switch, but then wondered which ones to handle. Bad argument 403 and server error 500 are the big two. Just doing 401 simplified the patch and was trivial to test in my (failing) test elsewhere > AuthenticatedURL translates a 404/Not Found into an AuthenticationException. > It isn't > - > > Key: HADOOP-12906 > URL: https://issues.apache.org/jira/browse/HADOOP-12906 > Project: Hadoop Common > Issue Type: Bug > Components: io, security >Affects Versions: 2.8.0 >Reporter: Steve Loughran >Priority: Minor > Attachments: HADOOP-12906-001.patch > > > If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an > exception saying you are unauthed. > It's not checking the response code; 404 is an error all of its own, which > can be uprated as a FileNotFound Exception. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185772#comment-15185772 ] Mingliang Liu commented on HADOOP-12906: +1 (non-binding). Though it's unrelated, I think it's good to have switch-case for branching resp code. > AuthenticatedURL translates a 404/Not Found into an AuthenticationException. > It isn't > - > > Key: HADOOP-12906 > URL: https://issues.apache.org/jira/browse/HADOOP-12906 > Project: Hadoop Common > Issue Type: Bug > Components: io, security >Affects Versions: 2.8.0 >Reporter: Steve Loughran >Priority: Minor > Attachments: HADOOP-12906-001.patch > > > If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an > exception saying you are unauthed. > It's not checking the response code; 404 is an error all of its own, which > can be uprated as a FileNotFound Exception. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185631#comment-15185631 ] Steve Loughran commented on HADOOP-12906: - Fixed stack. Note how the URL is complete, meaning is obvious, nobody will mistake for a kerberos problem, etc, etc. {code} java.io.FileNotFoundException: http://localhost:61098/api/v1/applications/application__/jobs?user.name=stevel at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:275) at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:212) at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:127) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:124) at org.apache.spark.deploy.history.yarn.rest.PrivilegedFunction.run(PrivilegedFunction.scala:31) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1708) {code} > AuthenticatedURL translates a 404/Not Found into an AuthenticationException. > It isn't > - > > Key: HADOOP-12906 > URL: https://issues.apache.org/jira/browse/HADOOP-12906 > Project: Hadoop Common > Issue Type: Bug > Components: io, security >Affects Versions: 2.8.0 >Reporter: Steve Loughran >Priority: Minor > > If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an > exception saying you are unauthed. > It's not checking the response code; 404 is an error all of its own, which > can be uprated as a FileNotFound Exception. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[ https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185615#comment-15185615 ] Steve Loughran commented on HADOOP-12906: - Stack {code} org.apache.spark.deploy.history.yarn.rest.UnauthorizedRequestException: Authentication failure as stevel (auth:SIMPLE) against http://localhost:60531/api/v1/applications/application__/jobs: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, status: 404, message: Not Found at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:131) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:124) at org.apache.spark.deploy.history.yarn.rest.PrivilegedFunction.run(PrivilegedFunction.scala:31) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1708) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector.openConnection(SpnegoUrlConnector.scala:123) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector.getHttpURLConnection(SpnegoUrlConnector.scala:108) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector.execHttpOperation(SpnegoUrlConnector.scala:194) at org.apache.spark.deploy.history.yarn.integration.AbstractHistoryIntegrationTests.getJsonResource(AbstractHistoryIntegrationTests.scala:474) ... Cause: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, status: 404, message: Not Found at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:274) at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:212) at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:215) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:127) at org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:124) at org.apache.spark.deploy.history.yarn.rest.PrivilegedFunction.run(PrivilegedFunction.scala:31) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1708) ... {code} > AuthenticatedURL translates a 404/Not Found into an AuthenticationException. > It isn't > - > > Key: HADOOP-12906 > URL: https://issues.apache.org/jira/browse/HADOOP-12906 > Project: Hadoop Common > Issue Type: Bug > Components: io, security >Affects Versions: 2.8.0 >Reporter: Steve Loughran > > If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an > exception saying you are unauthed. > It's not checking the response code; 404 is an error all of its own, which > can be uprated as a FileNotFound Exception. -- This message was sent by Atlassian JIRA (v6.3.4#6332)