[ https://issues.apache.org/jira/browse/HDFS-14845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934376#comment-16934376 ]
Prabhu Joseph commented on HDFS-14845: -------------------------------------- Thanks [~eyang] for detailed review. {quote}All HttpFS unit tests are passing on my system. Which test requires a separate ticket? {quote} I was trying to add a new class HttpFSAuthenticationFilterInitializer which adds the HttpFSAuthenticationFilter instead of hardcoding in web.xml (authFilter tag). With this new changes, tests were failing. Have ignored those changes for now. {quote}I think some logic to map the configuration are missing in patch 002. {quote} The httpfs.authentication.* configs are getting populated from httpfs-default.xml in HttpFSServerWebApp#init() -> Server#initConfig() {code:java} String defaultConfig = name + "-default.xml"; ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); InputStream inputStream = classLoader.getResourceAsStream(defaultConfig); {code} So always httpfs.authentication.* configs are present even if it is not defined in httpfs-site.xml. Have tried to ignore httpfs-default.xml but some default configs are required for startup. One way it works is by removing httpfs.authentication.* set of configs from httpfs-default.xml but user has to ensure these configs are defined in https-site.xml either using prefix httpfs.authentication or hadoop.http.authentication. Have attached [^HDFS-14845-003.patch] with this changes. Please let me know if this approach is fine. > Request is a replay (34) error in httpfs > ---------------------------------------- > > Key: HDFS-14845 > URL: https://issues.apache.org/jira/browse/HDFS-14845 > Project: Hadoop HDFS > Issue Type: Bug > Components: httpfs > Affects Versions: 3.3.0 > Environment: Kerberos and ZKDelgationTokenSecretManager enabled in > HttpFS > Reporter: Akira Ajisaka > Assignee: Prabhu Joseph > Priority: Critical > Attachments: HDFS-14845-001.patch, HDFS-14845-002.patch, > HDFS-14845-003.patch > > > We are facing "Request is a replay (34)" error when accessing to HDFS via > httpfs on trunk. > {noformat} > % curl -i --negotiate -u : "https://<host>:4443/webhdfs/v1/?op=liststatus" > HTTP/1.1 401 Authentication required > Date: Mon, 09 Sep 2019 06:00:04 GMT > Date: Mon, 09 Sep 2019 06:00:04 GMT > Pragma: no-cache > X-Content-Type-Options: nosniff > X-XSS-Protection: 1; mode=block > WWW-Authenticate: Negotiate > Set-Cookie: hadoop.auth=; Path=/; Secure; HttpOnly > Cache-Control: must-revalidate,no-cache,no-store > Content-Type: text/html;charset=iso-8859-1 > Content-Length: 271 > HTTP/1.1 403 GSSException: Failure unspecified at GSS-API level (Mechanism > level: Request is a replay (34)) > Date: Mon, 09 Sep 2019 06:00:04 GMT > Date: Mon, 09 Sep 2019 06:00:04 GMT > Pragma: no-cache > X-Content-Type-Options: nosniff > X-XSS-Protection: 1; mode=block > (snip) > Set-Cookie: hadoop.auth=; Path=/; Secure; HttpOnly > Cache-Control: must-revalidate,no-cache,no-store > Content-Type: text/html;charset=iso-8859-1 > Content-Length: 413 > <html> > <head> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > <title>Error 403 GSSException: Failure unspecified at GSS-API level > (Mechanism level: Request is a replay (34))</title> > </head> > <body><h2>HTTP ERROR 403</h2> > <p>Problem accessing /webhdfs/v1/. Reason: > <pre> GSSException: Failure unspecified at GSS-API level (Mechanism level: > Request is a replay (34))</pre></p> > </body> > </html> > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org