[jira] [Comment Edited] (STORM-633) Nimbus - HTTP Error 413 full HEAD if using kerberos authentication

Wed, 21 Jan 2015 08:40:12 -0800 

    [ 
https://issues.apache.org/jira/browse/STORM-633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14285838#comment-14285838
 ] 

Adam Muise edited comment on STORM-633 at 1/21/15 4:37 PM:
-----------------------------------------------------------

Details on the 413 from a curl command local to the UI:

curl -i --negotiate -u:edi_storm -b ~/cookiejar.txt -c ~/cookiejar.txt 
http://ac95edimstr02xxxxxx:8744/api/v1/cluster/summary

HTTP/1.1 401 Authentication required
Date: Wed, 21 Jan 2015 16:34:43 GMT
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1317
Server: Jetty(7.6.13.v20130916)

HTTP/1.1 413 FULL head
Content-Length: 0
Connection: close
Server: Jetty(7.6.13.v20130916)


And here is the exception in the ui.log from the 413:

The offending header length comes from the Authorization property, it contains 
a long key. 

2015-01-19 08:38:45 o.a.h.s.a.s.AuthenticationFilter [WARN] Authentication 
exception: GSSException: Defective token detected (Mechanism level: GSSHeader 
did not find the right tag)
org.apache.hadoop.security.authentication.client.AuthenticationException: 
GSSException: Defective token detected (Mechanism level: GSSHeader did not find 
the right tag)
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:360)
 ~[hadoop-auth-2.4.0.jar:na]
        at 
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:357)
 ~[hadoop-auth-2.4.0.jar:na]
        at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
 [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:443) 
[jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1044)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372) 
[jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) 
[jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) 
[jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at org.eclipse.jetty.server.Server.handle(Server.java:369) 
[jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:933)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:995)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) 
[jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) 
[jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
 [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
 [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
 [jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) 
[jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916]
        at java.lang.Thread.run(Thread.java:745) [na:1.7.0_65]
Caused by: org.ietf.jgss.GSSException: Defective token detected (Mechanism 
level: GSSHeader did not find the right tag)
        at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97) ~[na:1.7.0_65]
        at 
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:306) 
~[na:1.7.0_65]
        at 
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) 
~[na:1.7.0_65]
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:327)
 ~[hadoop-auth-2.4.0.jar:na]
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:309)
 ~[hadoop-auth-2.4.0.jar:na]
        at java.security.AccessController.doPrivileged(Native Method) 
~[na:1.7.0_65]
        at javax.security.auth.Subject.doAs(Subject.java:415) ~[na:1.7.0_65]
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:309)
 ~[hadoop-auth-2.4.0.jar:na]
        ... 20 common frames omitted


was (Author: amuise):
Details on the 413 from a curl command local to the UI:

HTTP/1.1 401 Authentication required
Date: Wed, 21 Jan 2015 16:34:43 GMT
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1317
Server: Jetty(7.6.13.v20130916)

HTTP/1.1 413 FULL head
Content-Length: 0
Connection: close
Server: Jetty(7.6.13.v20130916)


And here is the exception in the ui.log from the 413:

The offending header length comes from the Authorization property, it contains 
a long key. 

2015-01-19 08:38:45 o.a.h.s.a.s.AuthenticationFilter [WARN] Authentication 
exception: GSSException: Defective token detected (Mechanism level: GSSHeader 
did not find the right tag)
org.apache.hadoop.security.authentication.client.AuthenticationException: 
GSSException: Defective token detected (Mechanism level: GSSHeader did not find 
the right tag)
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:360)
 ~[hadoop-auth-2.4.0.jar:na]
        at 
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:357)
 ~[hadoop-auth-2.4.0.jar:na]
        at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
 [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:443) 
[jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1044)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372) 
[jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) 
[jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) 
[jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at org.eclipse.jetty.server.Server.handle(Server.java:369) 
[jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:933)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:995)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) 
[jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) 
[jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
 [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
 [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
 [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
 [jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916]
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) 
[jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916]
        at java.lang.Thread.run(Thread.java:745) [na:1.7.0_65]
Caused by: org.ietf.jgss.GSSException: Defective token detected (Mechanism 
level: GSSHeader did not find the right tag)
        at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97) ~[na:1.7.0_65]
        at 
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:306) 
~[na:1.7.0_65]
        at 
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) 
~[na:1.7.0_65]
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:327)
 ~[hadoop-auth-2.4.0.jar:na]
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:309)
 ~[hadoop-auth-2.4.0.jar:na]
        at java.security.AccessController.doPrivileged(Native Method) 
~[na:1.7.0_65]
        at javax.security.auth.Subject.doAs(Subject.java:415) ~[na:1.7.0_65]
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:309)
 ~[hadoop-auth-2.4.0.jar:na]
        ... 20 common frames omitted

> Nimbus - HTTP Error 413 full HEAD if using kerberos authentication
> ------------------------------------------------------------------
>
>                 Key: STORM-633
>                 URL: https://issues.apache.org/jira/browse/STORM-633
>             Project: Apache Storm
>          Issue Type: Bug
>    Affects Versions: 0.9.3
>            Reporter: Kevin Risden
>
> When trying to access Nimbus that is kerberized, a HTTP 413 full HEAD error 
> is received. This seems related to the issue outlined in HADOOP-8816.
> Setting the Jetty header buffer size with ring-jetty is outlined on 
> Stackoverflow here: 
> http://stackoverflow.com/questions/9285096/clojure-ring-using-the-ring-jetty-adapter-large-requests-give-me-a-413-full-h
> The setting could be exposed like the host as done in STORM-575.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to