Patch looks pretty good to me, Tucu. One small comment. This should either say either "users are not authorized" or "users are unauthorized" but not "users are not unauthorized".

+      response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+                         "Unauthenticated users are not " +
+                         "unauthorized to access this page.");

Otherwise the patch looks good. +1 pending Jenkins.

+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12524080/HADOOP-8314.patch
against trunk revision .

+1 @author. The patch does not contain any @author tags.

+1 tests included. The patch appears to include 1 new or modified test files.

+1 javadoc. The javadoc tool did not generate any warning messages.

+1 javac. The applied patch does not increase the total number of javac compiler warnings.

+1 eclipse:eclipse. The patch built with eclipse:eclipse.

+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

+1 release audit. The applied patch does not increase the total number of release audit warnings.

+1 core tests. The patch passed unit tests in .

+1 contrib tests. The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/885//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/885//console

This message is automatically generated.

attaching patch with ATM's suggestion

committed to trunk and branch-2

Integrated in Hadoop-Hdfs-trunk-Commit #2202 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2202/)
HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
Files :

• /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java

Integrated in Hadoop-Common-trunk-Commit #2128 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2128/)
HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
Files :

• /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java

Integrated in Hadoop-Mapreduce-trunk-Commit #2144 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2144/)
HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
Files :

• /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java

Integrated in Hadoop-Hdfs-trunk #1025 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1025/)
HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
Files :

• /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java

Integrated in Hadoop-Mapreduce-trunk #1060 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1060/)
HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
Files :

• /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
• /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java

we need backport for branch-1

patch for branch-1

Hey Tucu, can you please comment what testing of the branch-1 patch you did? Also, this JIRA will need to be marked as an incompatible change in branch-1.

I've run the TestHttpServer testcase that verifies the fix.

The incompatible change flag is for branch-1

+1 for the branch-1 patch.

committed to branch-1