[
https://issues.apache.org/jira/browse/HADOOP-10301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daryn Sharp updated HADOOP-10301:
---------------------------------
Target Version/s: 3.0.0, 2.4.0 (was: 3.0.0, 0.23.11, 2.5.0)
Yes, this must be in 2.4 to prevent client-side NPEs. We've been running the
patch internally for 2 months. It's been tested with oozie and other internal
tools.
> AuthenticationFilter should return Forbidden for failed authentication
> ----------------------------------------------------------------------
>
> Key: HADOOP-10301
> URL: https://issues.apache.org/jira/browse/HADOOP-10301
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-10301.branch-23.patch,
> HADOOP-10301.branch-23.patch, HADOOP-10301.patch, HADOOP-10301.patch,
> HADOOP-10301.patch
>
>
> The hadoop-auth AuthenticationFilter returns a 401 Unauthorized without a
> WWW-Authenticate headers. The is illegal per the HTTP RPC and causes a NPE
> in the HttpUrlConnection.
> This is half of a fix that affects webhdfs. See HDFS-4564.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
