hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aajis...@apache.org
Subject hadoop git commit: HADOOP-12902. JavaDocs for SignerSecretProvider are out-of-date in AuthenticationFilter. Contributed by Gabor Liptak.
Date Thu, 31 Mar 2016 07:09:51 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2 0795ee687 -> b4fbc2268


HADOOP-12902. JavaDocs for SignerSecretProvider are out-of-date in AuthenticationFilter. Contributed
by Gabor Liptak.

(cherry picked from commit acca149ec96f2932bebc492452a63a159de9ce47)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b4fbc226
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b4fbc226
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b4fbc226

Branch: refs/heads/branch-2
Commit: b4fbc22688124020e90be04827d0f8b35bbe50bb
Parents: 0795ee6
Author: Akira Ajisaka <aajisaka@apache.org>
Authored: Thu Mar 31 16:04:47 2016 +0900
Committer: Akira Ajisaka <aajisaka@apache.org>
Committed: Thu Mar 31 16:05:51 2016 +0900

----------------------------------------------------------------------
 .../server/AuthenticationFilter.java            | 33 ++++++++++----------
 1 file changed, 16 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/b4fbc226/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
index 4bdc808..5c93fd3 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@@ -61,9 +61,9 @@ import java.util.*;
  * <li>[#PREFIX#.]type: simple|kerberos|#CLASS#, 'simple' is short for the
  * {@link PseudoAuthenticationHandler}, 'kerberos' is short for {@link KerberosAuthenticationHandler},
otherwise
  * the full class name of the {@link AuthenticationHandler} must be specified.</li>
- * <li>[#PREFIX#.]signature.secret: when signer.secret.provider is set to
- * "string" or not specified, this is the value for the secret used to sign the
- * HTTP cookie.</li>
+ * <li>[#PREFIX#.]signature.secret.file: when signer.secret.provider is set to
+ * "file" or not specified, this is the location of file including the secret
+ *  used to sign the HTTP cookie.</li>
  * <li>[#PREFIX#.]token.validity: time -in seconds- that the generated token is
  * valid before a new authentication is triggered, default value is
  * <code>3600</code> seconds. This is also used for the rollover interval for
@@ -79,17 +79,16 @@ import java.util.*;
  * </p>
  * <p>
  * Out of the box it provides 3 signer secret provider implementations:
- * "string", "random", and "zookeeper"
+ * "file", "random" and "zookeeper"
  * </p>
  * Additional signer secret providers are supported via the
  * {@link SignerSecretProvider} class.
  * <p>
  * For the HTTP cookies mentioned above, the SignerSecretProvider is used to
  * determine the secret to use for signing the cookies. Different
- * implementations can have different behaviors.  The "string" implementation
- * simply uses the string set in the [#PREFIX#.]signature.secret property
- * mentioned above.  The "random" implementation uses a randomly generated
- * secret that rolls over at the interval specified by the
+ * implementations can have different behaviors. The "file" implementation
+ * loads the secret from a specified file. The "random" implementation uses a
+ * randomly generated secret that rolls over at the interval specified by the
  * [#PREFIX#.]token.validity mentioned above.  The "zookeeper" implementation
  * is like the "random" one, except that it synchronizes the random secret
  * and rollovers between multiple servers; it's meant for HA services.
@@ -97,12 +96,12 @@ import java.util.*;
  * The relevant configuration properties are:
  * <ul>
  * <li>signer.secret.provider: indicates the name of the SignerSecretProvider
- * class to use. Possible values are: "string", "random", "zookeeper", or a
- * classname. If not specified, the "string" implementation will be used with
- * [#PREFIX#.]signature.secret; and if that's not specified, the "random"
+ * class to use. Possible values are: "file", "random", "zookeeper", or a
+ * classname. If not specified, the "file" implementation will be used with
+ * [#PREFIX#.]signature.secret.file; and if that's not specified, the "random"
  * implementation will be used.</li>
- * <li>[#PREFIX#.]signature.secret: When the "string" implementation is
- * specified, this value is used as the secret.</li>
+ * <li>[#PREFIX#.]signature.secret.file: When the "file" implementation is
+ * specified, this content of this file is used as the secret.</li>
  * <li>[#PREFIX#.]token.validity: When the "random" or "zookeeper"
  * implementations are specified, this value is used as the rollover
  * interval.</li>
@@ -176,10 +175,10 @@ public class AuthenticationFilter implements Filter {
   /**
    * Constant for the configuration property that indicates the name of the
    * SignerSecretProvider class to use.
-   * Possible values are: "string", "random", "zookeeper", or a classname.
-   * If not specified, the "string" implementation will be used with
-   * SIGNATURE_SECRET; and if that's not specified, the "random" implementation
-   * will be used.
+   * Possible values are: "file", "random", "zookeeper", or a classname.
+   * If not specified, the "file" implementation will be used with
+   * SIGNATURE_SECRET_FILE; and if that's not specified, the "random"
+   * implementation will be used.
    */
   public static final String SIGNER_SECRET_PROVIDER =
           "signer.secret.provider";


Mime
View raw message