[
https://issues.apache.org/jira/browse/HADOOP-11099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14137639#comment-14137639
]
Alejandro Abdelnur commented on HADOOP-11099:
---------------------------------------------
[~hitliuyi], the {{KMSExceptionsProvider}} only kicks when {{KMS}} processing
throws an exception. {{KMS}} processing kicks in only if the HTTP request has
been properly authenticated. The only reason you could get an
{{AuthenticatioException}} here is because the backend used by KMS throws that
exception. If that happens,KMS triggering a login request won't help, thus the
FORBIDDEN.
> KMS return HTTP UNAUTHORIZED 401 on ACL failure
> -----------------------------------------------
>
> Key: HADOOP-11099
> URL: https://issues.apache.org/jira/browse/HADOOP-11099
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.6.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HADOOP-11099.patch
>
>
> The usual error, HTTP UNAUTHORIZED means is for authentication, not for
> authorization.
> KMS should return HTTP FORBIDDEN in case of ACL failure.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
