From c7b79e8d91cc07012ec4029135a4bc2033e173d8 Mon Sep 17 00:00:00 2001
From: Wei-Chiu Chuang <weichiu@apache.org>
Date: Fri, 16 Sep 2016 14:53:09 -0700
Subject: [PATCH] HADOOP-13580. If user is unauthorized, log "unauthorized"
 instead of "Invalid signed text:". Contributed by Wei-Chiu Chuang.

(cherry picked from commit f6f3a447bf3b2900a2e9a0615ad9877f9310e062)
(cherry picked from commit 031d5f6c5bf7ab74d9c12fbefdb1c12c58024f03)
---
 .../security/authentication/server/AuthenticationFilter.java   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
index 0a9b8b5b7c3..5262fdc778e 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@@ -438,6 +438,9 @@ public class AuthenticationFilter implements Filter {
       for (Cookie cookie : cookies) {
         if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
           tokenStr = cookie.getValue();
+          if (tokenStr.isEmpty()) {
+            throw new AuthenticationException("Unauthorized access");
+          }
           try {
             tokenStr = signer.verifyAndExtract(tokenStr);
           } catch (SignerException ex) {