From d75cbc5749808491d2b06f80506d95b6fb1b9e9c Mon Sep 17 00:00:00 2001
From: Xiao Chen <xiao@apache.org>
Date: Tue, 18 Oct 2016 18:24:37 -0700
Subject: [PATCH] HADOOP-13693. Remove the message about HTTP OPTIONS in SPNEGO
 initialization message from kms audit log.

---
 .../crypto/key/kms/server/KMSAuthenticationFilter.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
index 60f191807d..928a8aa48f 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
@@ -145,9 +145,13 @@ public void doFilter(ServletRequest request, ServletResponse response,
         requestURL.append("?").append(queryString);
       }
 
-      KMSWebApp.getKMSAudit().unauthenticated(
-          request.getRemoteHost(), method, requestURL.toString(),
-          kmsResponse.msg);
+      if (!method.equals("OPTIONS")) {
+        // an HTTP OPTIONS request is made as part of the SPNEGO authentication
+        // sequence. We do not need to audit log it, since it doesn't belong
+        // to KMS context. KMS server doesn't handle OPTIONS either.
+        KMSWebApp.getKMSAudit().unauthenticated(request.getRemoteHost(), method,
+            requestURL.toString(), kmsResponse.msg);
+      }
     }
   }