Description
There are issues with Oozie/HadoopAuth that prevent the proxying of the Oozie UI in secure clusters.
The HadoopAuth issue below is preventing HttpClient from handling hadoop.auth token resulting in every interaction with Oozie requiring a SPNego authentication in a secure cluster. https://issues.apache.org/jira/browse/HADOOP-10710
The Oozie issue below prevents certain Oozie resources from be accessible when SPNego authentication occurs. This is caused by these resources being authenticated twice which results in a Kerberos replay attack detection/failure. https://issues.apache.org/jira/browse/OOZIE-2427
The combination of these two issues prevents the Oozie UI from being proxied in a secure cluster.
The proposed solution is to enhance HadoopAuthCookieStore to handle cases where the cooke value isn't RFC2109 compliant by wrapping the value in double quotes if they are missing.