From ec43a33e2c9a6ab4b4ca313f8350f7f1c1d66647 Mon Sep 17 00:00:00 2001 From: Alejandro Abdelnur Date: Tue, 16 Oct 2012 17:39:27 +0000 Subject: [PATCH] HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu) git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1398895 13f79535-47bb-0310-9956-ffa450edef68 --- .../authentication/client/KerberosAuthenticator.java | 2 +- .../authentication/client/AuthenticatorTestCase.java | 2 ++ .../authentication/client/TestKerberosAuthenticator.java | 8 ++++++++ hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java index 14e8c44e51..6a087f4022 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java @@ -158,7 +158,7 @@ public void authenticate(URL url, AuthenticatedURL.Token token) conn.setRequestMethod(AUTH_HTTP_METHOD); conn.connect(); - if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) { + if (conn.getRequestProperty(AUTHORIZATION) != null && conn.getResponseCode() == HttpURLConnection.HTTP_OK) { LOG.debug("JDK performed authentication on our behalf."); // If the JDK already did the SPNEGO back-and-forth for // us, just pull out the token. diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java index a8641e69e6..6059d8caf8 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java @@ -134,9 +134,11 @@ protected void _testAuthentication(Authenticator authenticator, boolean doPost) try { URL url = new URL(getBaseURL()); AuthenticatedURL.Token token = new AuthenticatedURL.Token(); + Assert.assertFalse(token.isSet()); TestConnectionConfigurator connConf = new TestConnectionConfigurator(); AuthenticatedURL aUrl = new AuthenticatedURL(authenticator, connConf); HttpURLConnection conn = aUrl.openConnection(url, token); + Assert.assertTrue(token.isSet()); Assert.assertTrue(connConf.invoked); String tokenStr = token.toString(); if (doPost) { diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java index f086870ee1..93d1d027a2 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java @@ -43,6 +43,14 @@ public void testFallbacktoPseudoAuthenticator() throws Exception { _testAuthentication(new KerberosAuthenticator(), false); } + public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception { + Properties props = new Properties(); + props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple"); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true"); + setAuthenticationHandlerConfig(props); + _testAuthentication(new KerberosAuthenticator(), false); + } + public void testNotAuthenticated() throws Exception { setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration()); start(); diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 610f0a509e..df0585cff7 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -359,6 +359,8 @@ Release 2.0.3-alpha - Unreleased HADOOP-8901. GZip and Snappy support may not work without unversioned libraries (Colin Patrick McCabe via todd) + HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu) + Release 2.0.2-alpha - 2012-09-07 INCOMPATIBLE CHANGES