[ https://issues.apache.org/jira/browse/HADOOP-13707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399459#comment-16399459 ]
Hudson commented on HADOOP-13707: --------------------------------- ABORTED: Integrated in Jenkins build Hadoop-trunk-Commit #13838 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/13838/]) Revert "HADOOP-13707. If kerberos is enabled while HTTP SPNEGO is not (wangda: rev 252c2b4d52e0dd8984d6f2a8f292f40e1c347fab) * (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java > If kerberos is enabled while HTTP SPNEGO is not configured, some links cannot > be accessed > ----------------------------------------------------------------------------------------- > > Key: HADOOP-13707 > URL: https://issues.apache.org/jira/browse/HADOOP-13707 > Project: Hadoop Common > Issue Type: Bug > Reporter: Yuanbo Liu > Assignee: Yuanbo Liu > Priority: Major > Labels: security > Fix For: 2.8.0, 3.0.0-alpha2 > > Attachments: HADOOP-13707-branch-2-addendum.patch, > HADOOP-13707-branch-2.8.patch, HADOOP-13707-branch-2.patch, > HADOOP-13707.001.patch, HADOOP-13707.002.patch, HADOOP-13707.003.patch, > HADOOP-13707.004.patch > > > In {{HttpServer2#hasAdministratorAccess}}, it uses > `hadoop.security.authorization` to detect whether HTTP is authenticated. > It's not correct, because enabling Kerberos and HTTP SPNEGO are two steps. If > Kerberos is enabled while HTTP SPNEGO is not, some links cannot be accessed, > such as "/logs", and it will return error message as below: > {quote} > HTTP ERROR 403 > Problem accessing /logs/. Reason: > User dr.who is unauthorized to access this page. > {quote} > We should make sure {{HttpServletRequest#getAuthType}} is not null before we > invoke {{HttpServer2#hasAdministratorAccess}}. > {{getAuthType}} means to get the authorization scheme of this request -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org