[jira] [Commented] (HDFS-4564) Webhdfs returns incorrect http response codes for denied operations

Fri, 28 Mar 2014 13:55:42 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-4564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13951371#comment-13951371
 ] 

Haohui Mai commented on HDFS-4564:
----------------------------------

bq. Since the server no longer erroneously returns 401, the only time a 401 is 
returned is by the auth filter. The filter has no knowledge of the servlet so 
json is not returned. Not special casing the 401 causes validateResponse to 
call jsonParse which blows up because the content-type isn't json.

Correct me if I'm wrong, but it looks like the following code handles the case 
you mentioned.
{code}
      try {
        m = jsonParse(conn, true);
      } catch(Exception e) {
        throw new IOException("Unexpected HTTP response: code=" + code + " != "
            + op.getExpectedHttpResponseCode() + ", " + op.toQueryString()
            + ", message=" + conn.getResponseMessage(), e);
      }
{code}

bq. ensureTokenInitialized is for the internal implicit token which is 
unrelated. Checking the TGT is necessary for explicitly getting, renewing, or 
canceling a token.

It looks to me that it should be done in the {{AuthenticatedURL}} class, but 
not in the webhdfs.

Popping up one level, given the fact that HADOOP-10301 has reached the 
consensus, I wonder why this is a blocker of 2.4. Frankly I'm still unclear 
what is broken and what is supposed to be fixed by this patch...

> Webhdfs returns incorrect http response codes for denied operations
> -------------------------------------------------------------------
>
>                 Key: HDFS-4564
>                 URL: https://issues.apache.org/jira/browse/HDFS-4564
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: webhdfs
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HDFS-4564.branch-23.patch, HDFS-4564.branch-23.patch, 
> HDFS-4564.branch-23.patch, HDFS-4564.patch, HDFS-4564.patch
>
>
> Webhdfs is returning 401 (Unauthorized) instead of 403 (Forbidden) when it's 
> denying operations.  Examples including rejecting invalid proxy user attempts 
> and renew/cancel with an invalid user.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to