[
https://issues.apache.org/jira/browse/HDFS-14845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934376#comment-16934376
]
Prabhu Joseph commented on HDFS-14845:
--------------------------------------
Thanks [~eyang] for detailed review.
{quote}All HttpFS unit tests are passing on my system. Which test requires a
separate ticket?
{quote}
I was trying to add a new class HttpFSAuthenticationFilterInitializer which
adds the HttpFSAuthenticationFilter instead of hardcoding in web.xml
(authFilter tag). With this new changes, tests were failing. Have ignored those
changes for now.
{quote}I think some logic to map the configuration are missing in patch 002.
{quote}
The httpfs.authentication.* configs are getting populated from
httpfs-default.xml in HttpFSServerWebApp#init() -> Server#initConfig()
{code:java}
String defaultConfig = name + "-default.xml";
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
InputStream inputStream = classLoader.getResourceAsStream(defaultConfig);
{code}
So always httpfs.authentication.* configs are present even if it is not defined
in httpfs-site.xml. Have tried to ignore httpfs-default.xml but some default
configs are required for startup.
One way it works is by removing httpfs.authentication.* set of configs from
httpfs-default.xml but user has to ensure these configs are defined in
https-site.xml either using prefix httpfs.authentication or
hadoop.http.authentication. Have attached [^HDFS-14845-003.patch] with this
changes. Please let me know if this approach is fine.
> Request is a replay (34) error in httpfs
> ----------------------------------------
>
> Key: HDFS-14845
> URL: https://issues.apache.org/jira/browse/HDFS-14845
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: httpfs
> Affects Versions: 3.3.0
> Environment: Kerberos and ZKDelgationTokenSecretManager enabled in
> HttpFS
> Reporter: Akira Ajisaka
> Assignee: Prabhu Joseph
> Priority: Critical
> Attachments: HDFS-14845-001.patch, HDFS-14845-002.patch,
> HDFS-14845-003.patch
>
>
> We are facing "Request is a replay (34)" error when accessing to HDFS via
> httpfs on trunk.
> {noformat}
> % curl -i --negotiate -u : "https://<host>:4443/webhdfs/v1/?op=liststatus"
> HTTP/1.1 401 Authentication required
> Date: Mon, 09 Sep 2019 06:00:04 GMT
> Date: Mon, 09 Sep 2019 06:00:04 GMT
> Pragma: no-cache
> X-Content-Type-Options: nosniff
> X-XSS-Protection: 1; mode=block
> WWW-Authenticate: Negotiate
> Set-Cookie: hadoop.auth=; Path=/; Secure; HttpOnly
> Cache-Control: must-revalidate,no-cache,no-store
> Content-Type: text/html;charset=iso-8859-1
> Content-Length: 271
> HTTP/1.1 403 GSSException: Failure unspecified at GSS-API level (Mechanism
> level: Request is a replay (34))
> Date: Mon, 09 Sep 2019 06:00:04 GMT
> Date: Mon, 09 Sep 2019 06:00:04 GMT
> Pragma: no-cache
> X-Content-Type-Options: nosniff
> X-XSS-Protection: 1; mode=block
> (snip)
> Set-Cookie: hadoop.auth=; Path=/; Secure; HttpOnly
> Cache-Control: must-revalidate,no-cache,no-store
> Content-Type: text/html;charset=iso-8859-1
> Content-Length: 413
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 403 GSSException: Failure unspecified at GSS-API level
> (Mechanism level: Request is a replay (34))</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing /webhdfs/v1/. Reason:
> <pre> GSSException: Failure unspecified at GSS-API level (Mechanism level:
> Request is a replay (34))</pre></p>
> </body>
> </html>
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
