[
https://issues.apache.org/jira/browse/HDFS-4564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13951291#comment-13951291
]
Daryn Sharp commented on HDFS-4564:
-----------------------------------
# Since the server no longer erroneously returns 401, the only time a 401 is
returned is by the auth filter. The filter has no knowledge of the servlet so
json is not returned. Not special casing the 401 causes validateResponse to
call jsonParse which blows up because the content-type isn't json.
# I could move it but it doesn't logically change behavior. I'm scrambling to
get production hardening of webhdfs (more jiras to follow) before the summit so
can I move it in a later jira?
# ensureTokenInitialized is for the internal implicit token which is unrelated.
Checking the TGT is necessary for explicitly getting, renewing, or canceling a
token.
> Webhdfs returns incorrect http response codes for denied operations
> -------------------------------------------------------------------
>
> Key: HDFS-4564
> URL: https://issues.apache.org/jira/browse/HDFS-4564
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: webhdfs
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HDFS-4564.branch-23.patch, HDFS-4564.branch-23.patch,
> HDFS-4564.branch-23.patch, HDFS-4564.patch, HDFS-4564.patch
>
>
> Webhdfs is returning 401 (Unauthorized) instead of 403 (Forbidden) when it's
> denying operations. Examples including rejecting invalid proxy user attempts
> and renew/cancel with an invalid user.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
