hbase

History

Kevin Risden b25c782f0d HBASE-19852 HBase Thrift should use a SPNEGO HTTP/hostname principal for checking HTTP Kerberos authentication Return 401 sooner when AUTHORIZATION header is missing HBase Thrift server was checking for the AUTHORIZATION header and assuming it was always present even when it was the first request. Many clients will not send the AUTHORIZATION header until a 401 is received. HBase Thrift in the case of no header was throwing multiple exceptions and filling the logs with exceptions. This was fixed by checking that if the AUTHORIZATION header is empty then return a 401 immediately if security is enabled. Signed-off-by: Josh Elser <elserj@apache.org>	2018-06-11 12:52:19 -04:00
..
src	HBASE-19852 HBase Thrift should use a SPNEGO HTTP/hostname principal for checking HTTP Kerberos authentication	2018-06-11 12:52:19 -04:00
pom.xml	HBASE-19852 HBase Thrift should use a SPNEGO HTTP/hostname principal for checking HTTP Kerberos authentication	2018-06-11 12:52:19 -04:00

Kevin Risden b25c782f0d HBASE-19852 HBase Thrift should use a SPNEGO HTTP/hostname principal for checking HTTP Kerberos authentication

Return 401 sooner when AUTHORIZATION header is missing

HBase Thrift server was checking for the AUTHORIZATION header and assuming it was always present
even when it was the first request. Many clients will not send the AUTHORIZATION header until
a 401 is received. HBase Thrift in the case of no header was throwing multiple exceptions and
filling the logs with exceptions. This was fixed by checking that if the AUTHORIZATION header is
empty then return a 401 immediately if security is enabled.

Signed-off-by: Josh Elser <elserj@apache.org>

2018-06-11 12:52:19 -04:00

src

HBASE-19852 HBase Thrift should use a SPNEGO HTTP/hostname principal for checking HTTP Kerberos authentication

2018-06-11 12:52:19 -04:00

pom.xml

HBASE-19852 HBase Thrift should use a SPNEGO HTTP/hostname principal for checking HTTP Kerberos authentication

2018-06-11 12:52:19 -04:00