[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13807696#comment-13807696 ]
Robert Kanter commented on HADOOP-8883: --------------------------------------- Looking at that code snippet, it does indeed seem like that the {{Authorization}} header would be excluded and return {{null}}. But then it seems weird that this had fixed the problem. There's a unit test and we saw it fix the issue in OOZIE-1010. Is it possible that OpenJDK 1.7, OpenJDK 1.6, and Oracle JDK 7 exclude the header but Oracle JDK 6 does not? If so, then this could be a JDK compatibility issue, and we should create a new JIRA to figure out a new way of fixing this. Can you check if the unit test in the patch {{TestKerberosAuthenticator#testFallbacktoPseudoAuthenticatorAnonymous}} fails on OpenJDK 1.7, OpenJDK 1.6, or Oracle JDK 7? I'm sure it passes on Oracle JDK 6. > Anonymous fallback in KerberosAuthenticator is broken > ----------------------------------------------------- > > Key: HADOOP-8883 > URL: https://issues.apache.org/jira/browse/HADOOP-8883 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 2.0.3-alpha > Reporter: Robert Kanter > Assignee: Robert Kanter > Labels: security > Fix For: 2.0.3-alpha > > Attachments: HADOOP-8883.patch > > > HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the > SPNEGO already; but this change broke using the fallback authenticator > (PseudoAuthenticator) with an anonymous user (see OOZIE-1010). -- This message was sent by Atlassian JIRA (v6.1#6144)