[
https://issues.apache.org/jira/browse/HADOOP-10301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15188400#comment-15188400
]
Robert Kanter commented on HADOOP-10301:
----------------------------------------
Pseudo Auth also behaves a little differently than it used to. It gives a 403
instead of a 401 in the above code. {{extractToken}} throws an
{{AuthenticationException}} if it doesn't see a 20X, so the updated code will
also handle this case. In any case, the behavior has changed and its also
different than Kerberos Auth, in that it does not give a new token here and
gives 403 instead of 200.
> AuthenticationFilter should return Forbidden for failed authentication
> ----------------------------------------------------------------------
>
> Key: HADOOP-10301
> URL: https://issues.apache.org/jira/browse/HADOOP-10301
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Fix For: 2.4.0
>
> Attachments: HADOOP-10301.branch-23.patch,
> HADOOP-10301.branch-23.patch, HADOOP-10301.patch, HADOOP-10301.patch,
> HADOOP-10301.patch
>
>
> The hadoop-auth AuthenticationFilter returns a 401 Unauthorized without a
> WWW-Authenticate headers. The is illegal per the HTTP RPC and causes a NPE
> in the HttpUrlConnection.
> This is half of a fix that affects webhdfs. See HDFS-4564.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
