HADOOP-13526. Add detailed logging in KMS for the authentication failure of proxy user. Contributed by Suraj Acharya.

(cherry picked from commit 98e7be769a7e69bdaec4f67143949f282f6761cf)
2016-08-22 18:06:53 -07:00 · 2016-08-22 18:06:53 -07:00 · a4b296734b
parent c76e0b93f0
commit a4b296734b
1 changed files with 10 additions and 0 deletions
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java
@ -39,6 +39,8 @@
 import org.apache.http.NameValuePair;
 import org.apache.http.client.utils.URLEncodedUtils;
 import org.codehaus.jackson.map.ObjectMapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@ -81,6 +83,9 @@ public class DelegationTokenAuthenticationFilter
  private static final String ERROR_EXCEPTION_JSON = "exception";
  private static final String ERROR_MESSAGE_JSON = "message";

+  private static final Logger LOG = LoggerFactory.getLogger(
+          DelegationTokenAuthenticationFilter.class);
+
  /**
   * Sets an external <code>DelegationTokenSecretManager</code> instance to
   * manage creation and verification of Delegation Tokens.
@ -261,6 +266,11 @@ protected void doFilter(FilterChain filterChain, HttpServletRequest request,
            HttpExceptionUtils.createServletExceptionResponse(response,
                HttpServletResponse.SC_FORBIDDEN, ex);
            requestCompleted = true;
+            if (LOG.isDebugEnabled()) {
+              LOG.debug("Authentication exception: " + ex.getMessage(), ex);
+            } else {
+              LOG.warn("Authentication exception: " + ex.getMessage());
+            }
          }
        }
      }