[ https://issues.apache.org/jira/browse/HADOOP-11099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14137639#comment-14137639 ]
Alejandro Abdelnur commented on HADOOP-11099: --------------------------------------------- [~hitliuyi], the {{KMSExceptionsProvider}} only kicks when {{KMS}} processing throws an exception. {{KMS}} processing kicks in only if the HTTP request has been properly authenticated. The only reason you could get an {{AuthenticatioException}} here is because the backend used by KMS throws that exception. If that happens,KMS triggering a login request won't help, thus the FORBIDDEN. > KMS return HTTP UNAUTHORIZED 401 on ACL failure > ----------------------------------------------- > > Key: HADOOP-11099 > URL: https://issues.apache.org/jira/browse/HADOOP-11099 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.6.0 > Reporter: Alejandro Abdelnur > Assignee: Alejandro Abdelnur > Attachments: HADOOP-11099.patch > > > The usual error, HTTP UNAUTHORIZED means is for authentication, not for > authorization. > KMS should return HTTP FORBIDDEN in case of ACL failure. -- This message was sent by Atlassian JIRA (v6.3.4#6332)