Repository: hadoop
Updated Branches:
  refs/heads/trunk efdf810cf -> d75cbc574


HADOOP-13693. Remove the message about HTTP OPTIONS in SPNEGO initialization 
message from kms audit log.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/d75cbc57
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/d75cbc57
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/d75cbc57

Branch: refs/heads/trunk
Commit: d75cbc5749808491d2b06f80506d95b6fb1b9e9c
Parents: efdf810
Author: Xiao Chen <x...@apache.org>
Authored: Tue Oct 18 18:24:37 2016 -0700
Committer: Xiao Chen <x...@apache.org>
Committed: Tue Oct 18 18:24:59 2016 -0700

----------------------------------------------------------------------
 .../crypto/key/kms/server/KMSAuthenticationFilter.java    | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/d75cbc57/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
----------------------------------------------------------------------
diff --git 
a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
 
b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
index 60f1918..928a8aa 100644
--- 
a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
+++ 
b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
@@ -145,9 +145,13 @@ public class KMSAuthenticationFilter
         requestURL.append("?").append(queryString);
       }
 
-      KMSWebApp.getKMSAudit().unauthenticated(
-          request.getRemoteHost(), method, requestURL.toString(),
-          kmsResponse.msg);
+      if (!method.equals("OPTIONS")) {
+        // an HTTP OPTIONS request is made as part of the SPNEGO authentication
+        // sequence. We do not need to audit log it, since it doesn't belong
+        // to KMS context. KMS server doesn't handle OPTIONS either.
+        KMSWebApp.getKMSAudit().unauthenticated(request.getRemoteHost(), 
method,
+            requestURL.toString(), kmsResponse.msg);
+      }
     }
   }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to