HADOOP-13580. If user is unauthorized, log "unauthorized" instead of "Invalid signed text:". Contributed by Wei-Chiu Chuang.

(cherry picked from commit f6f3a447bf3b2900a2e9a0615ad9877f9310e062) (cherry picked from commit 031d5f6c5bf7ab74d9c12fbefdb1c12c58024f03)
2016-09-16 14:53:09 -07:00 · 2016-09-16 14:53:09 -07:00 · c7b79e8d91
commit c7b79e8d91
parent ab57c869e2
1 changed files with 3 additions and 0 deletions
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@ -438,6 +438,9 @@ protected AuthenticationToken getToken(HttpServletRequest request) throws IOExce
      for (Cookie cookie : cookies) {
        if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
          tokenStr = cookie.getValue();
+          if (tokenStr.isEmpty()) {
+            throw new AuthenticationException("Unauthorized access");
+          }
          try {
            tokenStr = signer.verifyAndExtract(tokenStr);
          } catch (SignerException ex) {