HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1398895 13f79535-47bb-0310-9956-ffa450edef68
2012-10-16 17:39:27 +00:00 · 2012-10-16 17:39:27 +00:00 · ec43a33e2c
parent 9757f7407a
commit ec43a33e2c
4 changed files with 13 additions and 1 deletions
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
@ -158,7 +158,7 @@ public class KerberosAuthenticator implements Authenticator {
      conn.setRequestMethod(AUTH_HTTP_METHOD);
      conn.connect();
      
-      if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
+      if (conn.getRequestProperty(AUTHORIZATION) != null && conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
        LOG.debug("JDK performed authentication on our behalf.");
        // If the JDK already did the SPNEGO back-and-forth for
        // us, just pull out the token.
--- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
+++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
@ -134,9 +134,11 @@ public abstract class AuthenticatorTestCase extends TestCase {
    try {
      URL url = new URL(getBaseURL());
      AuthenticatedURL.Token token = new AuthenticatedURL.Token();
+      Assert.assertFalse(token.isSet());
      TestConnectionConfigurator connConf = new TestConnectionConfigurator();
      AuthenticatedURL aUrl = new AuthenticatedURL(authenticator, connConf);
      HttpURLConnection conn = aUrl.openConnection(url, token);
+      Assert.assertTrue(token.isSet());
      Assert.assertTrue(connConf.invoked);
      String tokenStr = token.toString();
      if (doPost) {
--- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java
+++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java
@ -43,6 +43,14 @@ public class TestKerberosAuthenticator extends AuthenticatorTestCase {
    _testAuthentication(new KerberosAuthenticator(), false);
  }

+  public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
+    props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+    setAuthenticationHandlerConfig(props);
+    _testAuthentication(new KerberosAuthenticator(), false);
+  }
+
  public void testNotAuthenticated() throws Exception {
    setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
    start();
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -359,6 +359,8 @@ Release 2.0.3-alpha - Unreleased
    HADOOP-8901. GZip and Snappy support may not work without unversioned
    libraries (Colin Patrick McCabe via todd)

+    HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu)
+
 Release 2.0.2-alpha - 2012-09-07 

  INCOMPATIBLE CHANGES