[jira] [Commented] (HADOOP-8830) org.apache.hadoop.security.authentication.server.AuthenticationFilter might be called twice, causing kerberos replay errors

Thu, 23 Mar 2017 08:51:07 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-8830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938608#comment-15938608
 ] 

Hadoop QA commented on HADOOP-8830:
-----------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m  
0s{color} | {color:blue} Docker mode activated. {color} |
| {color:red}-1{color} | {color:red} patch {color} | {color:red}  0m  4s{color} 
| {color:red} HADOOP-8830 does not apply to trunk. Rebase required? Wrong 
Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Issue | HADOOP-8830 |
| JIRA Patch URL | 
https://issues.apache.org/jira/secure/attachment/12605624/HADOOP-8830.20131027.1.patch
 |
| Console output | 
https://builds.apache.org/job/PreCommit-HADOOP-Build/11897/console |
| Powered by | Apache Yetus 0.5.0-SNAPSHOT   http://yetus.apache.org |


This message was automatically generated.



> org.apache.hadoop.security.authentication.server.AuthenticationFilter might 
> be called twice, causing kerberos replay errors
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8830
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8830
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.0.1-alpha, 2.1.0-beta, 2.1.1-beta, 2.2.0
>            Reporter: Moritz Moeller
>            Assignee: Omkar Vinit Joshi
>            Priority: Critical
>              Labels: BB2015-05-TBR
>         Attachments: HADOOP-8830.20131026.1.patch, 
> HADOOP-8830.20131027.1.patch
>
>
> AuthenticationFilter.doFilter is called twice (not sure if that is 
> intentional or not).
> The second time it is called the ServletRequest is already authenticated, 
> i.e. httpRequest.getRemoteUser() returns non-null info.
> If the kerberos authentication is triggered a second time it'll return a 
> replay attack exception.
> I solved this by adding a if (httpRequest.getRemoteUser() == null) at the 
> very beginning of doFilter.
> Alternatively one can set an attribute on the request, or figure out why 
> doFilter is called twice.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to