From a7993ef5e8d34c16b1dbaaa562048456770dbf4b Mon Sep 17 00:00:00 2001
From: Alejandro Abdelnur
Date: Fri, 4 May 2012 03:13:37 +0000
Subject: [PATCH] HADOOP-8355. SPNEGO filter throws/logs exception when authentication fails (tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1333746 13f79535-47bb-0310-9956-ffa450edef68
---
 .../authentication/server/AuthenticationFilter.java | 13 ++++++++-----
 hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
index b37f39a50c..28a4d3de90 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@@ -327,6 +327,8 @@ protected AuthenticationToken getToken(HttpServletRequest request) throws IOExce
 @Override
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
 throws IOException, ServletException {
+ boolean unauthorizedResponse = true;
+ String unauthorizedMsg = "";
 HttpServletRequest httpRequest = (HttpServletRequest) request;
 HttpServletResponse httpResponse = (HttpServletResponse) response;
 try {
@@ -350,6 +352,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 newToken = true;
 }
 if (token != null) {
+ unauthorizedResponse = false;
 if (LOG.isDebugEnabled()) {
 LOG.debug("Request [{}] user [{}] authenticated", getRequestURL(httpRequest), token.getUserName());
 }
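Review bot: `unauthorizedResponse = false;` is cleared at the top of the `if (token != null)` branch in the second hunk, before the rest of that branch has run, so an AuthenticationException raised later inside the try would be caught and logged without any 401 being sent. Nothing visible in these hunks throws one after that point, and the branch continues outside the hunk, so this may not be reachable today. Setting `unauthorizedResponse = true;` as the first statement of the `catch (AuthenticationException ex)` block would keep the filter fail-closed regardless. A comment on the declaration such as `// fail closed: stays true unless a token is obtained below` would record the intent.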
@@ -378,17 +381,17 @@ public Principal getUserPrincipal() {
 }
 filterChain.doFilter(httpRequest, httpResponse);
 }
- else {
- throw new AuthenticationException("Missing AuthenticationToken");
- }
 } catch (AuthenticationException ex) {
+ unauthorizedMsg = ex.toString();
+ LOG.warn("Authentication exception: " + ex.getMessage(), ex);
+ }
+ if (unauthorizedResponse) {
 if (!httpResponse.isCommitted()) {
 Cookie cookie = createCookie("");
 cookie.setMaxAge(0);
 httpResponse.addCookie(cookie);
- httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, ex.getMessage());
+ httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, unauthorizedMsg);
 }
- LOG.warn("Authentication exception: " + ex.getMessage(), ex);
 }
 }
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 3885f35da0..7cff92b1fc 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -418,6 +418,8 @@ Release 2.0.0 - UNRELEASED HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due to fixes introduced by the IBM JDK compatibility patch. (ddas) + HADOOP-8355. SPNEGO filter throws/logs exception when authentication fails (tucu) + BREAKDOWN OF HADOOP-7454 SUBTASKS HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh)
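Review bot: `unauthorizedMsg = ex.toString();` in the catch block of doFilter puts the exception class name as well as its message into the 401 sent by `sendError`, where the removed line passed only `ex.getMessage()`; that text goes to a caller who has not authenticated. The detail is already written to the log, so the response could carry a fixed string or at most `ex.getMessage()`, unless clients are known to depend on the text. The added `LOG.warn("Authentication exception: " + ex.getMessage(), ex);` also writes a full stack trace at WARN for every failed attempt, which any unauthenticated client can trigger repeatedly; consider keeping the one-line message at WARN and moving the stack trace to debug. The enclosing method starts outside this hunk.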