diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
index 9cfa3c2f299..0f86623adae 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@@ -589,6 +589,13 @@ public class AuthenticationFilter implements Filter {
   /**
    * Delegates call to the servlet filter chain. Sub-classes my override this
    * method to perform pre and post tasks.
+   *
+   * @param filterChain the filter chain object.
+   * @param request the request object.
+   * @param response the response object.
+   *
+   * @throws IOException thrown if an IO error occurred.
+   * @throws ServletException thrown if a processing error occurred.
    */
   protected void doFilter(FilterChain filterChain, HttpServletRequest request,
       HttpServletResponse response) throws IOException, ServletException {
@@ -598,9 +605,15 @@ public class AuthenticationFilter implements Filter {
   /**
    * Creates the Hadoop authentication HTTP cookie.
    *
+   * @param resp the response object.
    * @param token authentication token for the cookie.
+   * @param domain the cookie domain.
+   * @param path the cokie path.
    * @param expires UNIX timestamp that indicates the expire date of the
    *                cookie. It has no effect if its value &lt; 0.
+   * @param isSecure is the cookie secure?
+   * @param token the token.
+   * @param expires the cookie expiration time.
    *
    * XXX the following code duplicate some logic in Jetty / Servlet API,
    * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/CertificateUtil.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/CertificateUtil.java
index 77b253034ab..1ca59aee052 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/CertificateUtil.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/CertificateUtil.java
@@ -36,7 +36,8 @@ public class CertificateUtil {
    *
    * @param pem
    *          - the pem encoding from config without the header and footer
-   * @return RSAPublicKey
+   * @return RSAPublicKey the RSA public key
+   * @throws ServletException thrown if a processing error occurred
    */
   public static RSAPublicKey parseRSAPublicKey(String pem) throws ServletException {
     String fullPem = PEM_HEADER + pem + PEM_FOOTER;
diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RolloverSignerSecretProvider.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RolloverSignerSecretProvider.java
index bdca3e4eb94..fda5572cdf4 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RolloverSignerSecretProvider.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RolloverSignerSecretProvider.java
@@ -61,7 +61,7 @@ public abstract class RolloverSignerSecretProvider
    * @param config configuration properties
    * @param servletContext servlet context
    * @param tokenValidity The amount of time a token is valid for
-   * @throws Exception
+   * @throws Exception thrown if an error occurred
    */
   @Override
   public void init(Properties config, ServletContext servletContext,
diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/SignerSecretProvider.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/SignerSecretProvider.java
index 2e0b9854898..e937862458e 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/SignerSecretProvider.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/SignerSecretProvider.java
@@ -34,7 +34,7 @@ public abstract class SignerSecretProvider {
    * @param config configuration properties
    * @param servletContext servlet context
    * @param tokenValidity The amount of time a token is valid for
-   * @throws Exception
+   * @throws Exception thrown if an error occurred
    */
   public abstract void init(Properties config, ServletContext servletContext,
           long tokenValidity) throws Exception;
diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java
index 11bfccd05c6..5e5f0879c8a 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java
@@ -377,7 +377,7 @@ public class ZKSignerSecretProvider extends RolloverSignerSecretProvider {
    * This method creates the Curator client and connects to ZooKeeper.
    * @param config configuration properties
    * @return A Curator client
-   * @throws Exception
+   * @throws Exception thrown if an error occurred
    */
   protected CuratorFramework createCuratorClient(Properties config)
           throws Exception {
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 57161ad6ae6..475129c3412 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -118,6 +118,9 @@ Release 2.8.0 - UNRELEASED
     HADOOP-11876. Refactor code to make it more readable, minor
     maybePrintStats bug (Zoran Dimitrijevic via raviprak)
 
+    HADOOP-11870. [JDK8] AuthenticationFilter, CertificateUtil,
+    SignerSecretProviders, KeyAuthorizationKeyProvider Javadoc issues (rkanter)
+
 Release 2.7.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
index 074f1fbafbd..e8cabc8851c 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
@@ -93,8 +93,8 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension {
    * The constructor takes a {@link KeyProviderCryptoExtension} and an
    * implementation of <code>KeyACLs</code>. All calls are delegated to the
    * provider keyProvider after authorization check (if required)
-   * @param keyProvider 
-   * @param acls
+   * @param keyProvider  the key provider
+   * @param acls the Key ACLs
    */
   public KeyAuthorizationKeyProvider(KeyProviderCryptoExtension keyProvider,
       KeyACLs acls) {