[
https://issues.apache.org/jira/browse/HADOOP-10398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13943219#comment-13943219
]
Bowen Zhang commented on HADOOP-10398:
--------------------------------------
[~tucu00], when we disable anonymous request, the code works since
{code}
if (conn.getResponseCode() == HttpURLConnection.HTTP_OK)
{code}
evaluates to false because we get 401 back. When we allow anonymous, the above
if statement returns true but there is no token. What is the special token you
are talking about?
> KerberosAuthenticator failed to fall back to PseudoAuthenticator after
> HADOOP-10078
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-10398
> URL: https://issues.apache.org/jira/browse/HADOOP-10398
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Tsz Wo Nicholas Sze
> Assignee: Tsz Wo Nicholas Sze
> Attachments: a.txt, c10398_20140310.patch
>
>
> {code}
> //KerberosAuthenticator.java
> if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
> LOG.debug("JDK performed authentication on our behalf.");
> // If the JDK already did the SPNEGO back-and-forth for
> // us, just pull out the token.
> AuthenticatedURL.extractToken(conn, token);
> return;
> } else ...
> {code}
> The problem of the code above is that HTTP_OK does not implies authentication
> completed. We should check if the token can be extracted successfully.
> This problem was reported by [~bowenzhangusa] in [this
> comment|https://issues.apache.org/jira/browse/HADOOP-10078?focusedCommentId=13896823&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13896823]
> earlier.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
