Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/14352 )
Change subject: IMPALA-9001: Fix SPNEGO for requests with no 'Authorization' ...................................................................... IMPALA-9001: Fix SPNEGO for requests with no 'Authorization' When SPNEGO was first implemented for both hs2 and the webui, the way we handled requests that did not include an "Authorization" header was to pass an empty string to gss-api and then return a "WWW-Authenticate: Negotiate <token>" where <token> was whatever was returned by gss-api. This works with some clients, but appears to fail with others. This patch modifies the behavior to not send the <token> with the initial WWW-Authenticate, which works with all tested clients. Testing: - Tested with curl, Knox, and Java's HttpURLConnection API. Change-Id: Id9b6ac99b799324ec22e95fd1eb022d5ad6f54bd Reviewed-on: http://gerrit.cloudera.org:8080/14352 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- M be/src/rpc/authentication.cc M be/src/util/webserver.cc 2 files changed, 10 insertions(+), 0 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/14352 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Id9b6ac99b799324ec22e95fd1eb022d5ad6f54bd Gerrit-Change-Number: 14352 Gerrit-PatchSet: 3 Gerrit-Owner: Thomas Tauber-Marshall <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Tim Armstrong <[email protected]> Gerrit-Reviewer: Todd Lipcon <[email protected]>
