[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15189817#comment-15189817
]
Li Lu commented on HADOOP-12906:
Patch LGTM. +1. Will commit shortly.
> AuthenticatedURL translates a 404/Not Found into an AuthenticationException.
> It isn't
> -
>
> Key: HADOOP-12906
> URL: https://issues.apache.org/jira/browse/HADOOP-12906
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
>Affects Versions: 2.8.0
>Reporter: Steve Loughran
>Assignee: Steve Loughran
>Priority: Minor
> Attachments: HADOOP-12906-001.patch
>
>
> If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an
> exception saying you are unauthed.
> It's not checking the response code; 404 is an error all of its own, which
> can be uprated as a FileNotFound Exception.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15186903#comment-15186903
]
Steve Loughran commented on HADOOP-12906:
-
failure unrelated; although no tests in the hadoop code, I have clearly
demonstrated something downstream
> AuthenticatedURL translates a 404/Not Found into an AuthenticationException.
> It isn't
> -
>
> Key: HADOOP-12906
> URL: https://issues.apache.org/jira/browse/HADOOP-12906
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
>Affects Versions: 2.8.0
>Reporter: Steve Loughran
>Assignee: Steve Loughran
>Priority: Minor
> Attachments: HADOOP-12906-001.patch
>
>
> If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an
> exception saying you are unauthed.
> It's not checking the response code; 404 is an error all of its own, which
> can be uprated as a FileNotFound Exception.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15186203#comment-15186203
]
Mingliang Liu commented on HADOOP-12906:
Understood. Thanks for the explanation (and the patch).
> AuthenticatedURL translates a 404/Not Found into an AuthenticationException.
> It isn't
> -
>
> Key: HADOOP-12906
> URL: https://issues.apache.org/jira/browse/HADOOP-12906
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
>Affects Versions: 2.8.0
>Reporter: Steve Loughran
>Priority: Minor
> Attachments: HADOOP-12906-001.patch
>
>
> If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an
> exception saying you are unauthed.
> It's not checking the response code; 404 is an error all of its own, which
> can be uprated as a FileNotFound Exception.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15186121#comment-15186121
]
Hadoop QA commented on HADOOP-12906:
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 17s
{color} | {color:blue} Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s
{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s
{color} | {color:red} The patch doesn't appear to include any new or modified
tests. Please justify why no new tests are needed for this patch. Also please
list what manual steps were performed to verify this patch. {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 9m
3s {color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 11m
57s {color} | {color:green} trunk passed with JDK v1.8.0_74 {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 9m 36s
{color} | {color:green} trunk passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
17s {color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 27s
{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
18s {color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 0m
38s {color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 19s
{color} | {color:green} trunk passed with JDK v1.8.0_74 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 16s
{color} | {color:green} trunk passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m
20s {color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 11m
41s {color} | {color:green} the patch passed with JDK v1.8.0_74 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 11m 41s
{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 8m 49s
{color} | {color:green} the patch passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 8m 49s
{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
15s {color} | {color:green} hadoop-common-project/hadoop-auth: patch generated
0 new + 21 unchanged - 2 fixed = 21 total (was 23) {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 21s
{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
14s {color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s {color} | {color:green} Patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 0m
45s {color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 16s
{color} | {color:green} the patch passed with JDK v1.8.0_74 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 14s
{color} | {color:green} the patch passed with JDK v1.7.0_95 {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 13m 54s {color}
| {color:red} hadoop-auth in the patch failed with JDK v1.8.0_74. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 14m 22s
{color} | {color:green} hadoop-auth in the patch passed with JDK v1.7.0_95.
{color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
23s {color} | {color:green} Patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 85m 54s {color}
| {color:black} {color} |
\\
\\
|| Reason || Tests ||
| JDK v1.8.0_74 Failed junit tests |
hadoop.security.authentication.util.TestZKSignerSecretProvider |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Image:yetus/hadoop:0ca8df7 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12792077/HADOOP-12906-001.patch
|
| JIRA Issue | HADOOP-12906 |
| Optional Tests | asflicense compile javac javadoc mvninstall mvnsite
unit findbugs checkstyle |
| uname | Linux
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185843#comment-15185843
]
Steve Loughran commented on HADOOP-12906:
-
I thought of a switch, but then wondered which ones to handle. Bad argument 403
and server error 500 are the big two. Just doing 401 simplified the patch and
was trivial to test in my (failing) test elsewhere
> AuthenticatedURL translates a 404/Not Found into an AuthenticationException.
> It isn't
> -
>
> Key: HADOOP-12906
> URL: https://issues.apache.org/jira/browse/HADOOP-12906
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
>Affects Versions: 2.8.0
>Reporter: Steve Loughran
>Priority: Minor
> Attachments: HADOOP-12906-001.patch
>
>
> If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an
> exception saying you are unauthed.
> It's not checking the response code; 404 is an error all of its own, which
> can be uprated as a FileNotFound Exception.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185772#comment-15185772
]
Mingliang Liu commented on HADOOP-12906:
+1 (non-binding).
Though it's unrelated, I think it's good to have switch-case for branching resp
code.
> AuthenticatedURL translates a 404/Not Found into an AuthenticationException.
> It isn't
> -
>
> Key: HADOOP-12906
> URL: https://issues.apache.org/jira/browse/HADOOP-12906
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
>Affects Versions: 2.8.0
>Reporter: Steve Loughran
>Priority: Minor
> Attachments: HADOOP-12906-001.patch
>
>
> If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an
> exception saying you are unauthed.
> It's not checking the response code; 404 is an error all of its own, which
> can be uprated as a FileNotFound Exception.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185631#comment-15185631
]
Steve Loughran commented on HADOOP-12906:
-
Fixed stack. Note how the URL is complete, meaning is obvious, nobody will
mistake for a kerberos problem, etc, etc.
{code}
java.io.FileNotFoundException:
http://localhost:61098/api/v1/applications/application__/jobs?user.name=stevel
at
org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:275)
at
org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77)
at
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:212)
at
org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:127)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:124)
at
org.apache.spark.deploy.history.yarn.rest.PrivilegedFunction.run(PrivilegedFunction.scala:31)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1708)
{code}
> AuthenticatedURL translates a 404/Not Found into an AuthenticationException.
> It isn't
> -
>
> Key: HADOOP-12906
> URL: https://issues.apache.org/jira/browse/HADOOP-12906
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
>Affects Versions: 2.8.0
>Reporter: Steve Loughran
>Priority: Minor
>
> If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an
> exception saying you are unauthed.
> It's not checking the response code; 404 is an error all of its own, which
> can be uprated as a FileNotFound Exception.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-12906) AuthenticatedURL translates a 404/Not Found into an AuthenticationException. It isn't
[
https://issues.apache.org/jira/browse/HADOOP-12906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15185615#comment-15185615
]
Steve Loughran commented on HADOOP-12906:
-
Stack
{code}
org.apache.spark.deploy.history.yarn.rest.UnauthorizedRequestException:
Authentication failure as stevel (auth:SIMPLE) against
http://localhost:60531/api/v1/applications/application__/jobs:
org.apache.hadoop.security.authentication.client.AuthenticationException:
Authentication failed, status: 404, message: Not Found
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:131)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:124)
at
org.apache.spark.deploy.history.yarn.rest.PrivilegedFunction.run(PrivilegedFunction.scala:31)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1708)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector.openConnection(SpnegoUrlConnector.scala:123)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector.getHttpURLConnection(SpnegoUrlConnector.scala:108)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector.execHttpOperation(SpnegoUrlConnector.scala:194)
at
org.apache.spark.deploy.history.yarn.integration.AbstractHistoryIntegrationTests.getJsonResource(AbstractHistoryIntegrationTests.scala:474)
...
Cause:
org.apache.hadoop.security.authentication.client.AuthenticationException:
Authentication failed, status: 404, message: Not Found
at
org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:274)
at
org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77)
at
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:212)
at
org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:215)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:127)
at
org.apache.spark.deploy.history.yarn.rest.SpnegoUrlConnector$$anonfun$1.apply(SpnegoUrlConnector.scala:124)
at
org.apache.spark.deploy.history.yarn.rest.PrivilegedFunction.run(PrivilegedFunction.scala:31)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1708)
...
{code}
> AuthenticatedURL translates a 404/Not Found into an AuthenticationException.
> It isn't
> -
>
> Key: HADOOP-12906
> URL: https://issues.apache.org/jira/browse/HADOOP-12906
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
>Affects Versions: 2.8.0
>Reporter: Steve Loughran
>
> If you ask for a URL that isn't there, {{AuthenticatedURL}} raises an
> exception saying you are unauthed.
> It's not checking the response code; 404 is an error all of its own, which
> can be uprated as a FileNotFound Exception.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
