HADOOP-13580. If user is unauthorized, log "unauthorized" instead of "Invalid signed text:". Contributed by Wei-Chiu Chuang.

This commit is contained in:
Wei-Chiu Chuang 2016-09-16 14:53:09 -07:00
parent cd099a63d5
commit f6f3a447bf

View File

@ -438,6 +438,9 @@ protected AuthenticationToken getToken(HttpServletRequest request) throws IOExce
for (Cookie cookie : cookies) { for (Cookie cookie : cookies) {
if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) { if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
tokenStr = cookie.getValue(); tokenStr = cookie.getValue();
if (tokenStr.isEmpty()) {
throw new AuthenticationException("Unauthorized access");
}
try { try {
tokenStr = signer.verifyAndExtract(tokenStr); tokenStr = signer.verifyAndExtract(tokenStr);
} catch (SignerException ex) { } catch (SignerException ex) {