Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 3DC5B200CAE for ; Wed, 7 Jun 2017 00:19:23 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 3C673160BC6; Tue, 6 Jun 2017 22:19:23 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 832C8160BD4 for ; Wed, 7 Jun 2017 00:19:22 +0200 (CEST) Received: (qmail 91913 invoked by uid 500); 6 Jun 2017 22:19:21 -0000 Mailing-List: contact common-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-dev@hadoop.apache.org Received: (qmail 91631 invoked by uid 99); 6 Jun 2017 22:19:21 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Jun 2017 22:19:21 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id AF1EECC88E for ; Tue, 6 Jun 2017 22:19:20 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.001 X-Spam-Level: X-Spam-Status: No, score=-100.001 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 0pU42PguDMcF for ; Tue, 6 Jun 2017 22:19:20 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 762215FAFA for ; Tue, 6 Jun 2017 22:19:19 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 00525E0D5C for ; Tue, 6 Jun 2017 22:19:19 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 46F9021E0F for ; Tue, 6 Jun 2017 22:19:18 +0000 (UTC) Date: Tue, 6 Jun 2017 22:19:18 +0000 (UTC) From: "Xiao Chen (JIRA)" To: common-dev@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (HADOOP-13474) Add more details in the log when a token is expired MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 06 Jun 2017 22:19:23 -0000 [ https://issues.apache.org/jira/browse/HADOOP-13474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xiao Chen resolved HADOOP-13474. -------------------------------- Resolution: Won't Fix With more understanding around this area, I think this jira is not necessary. This is because AuthenticationFilter is usually passing the authentication further down to the authentication handler, and that's where we should log more. Will cover that in HADOOP-13174, so closing this one. > Add more details in the log when a token is expired > --------------------------------------------------- > > Key: HADOOP-13474 > URL: https://issues.apache.org/jira/browse/HADOOP-13474 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Affects Versions: 2.6.0 > Reporter: Xiao Chen > Assignee: Xiao Chen > Attachments: HADOOP-13474.01.patch > > > Currently when there's an expired token, we see this from the log: > {noformat} > 2016-08-06 07:13:20,807 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired > 2016-08-06 09:55:48,665 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired > 2016-08-06 10:01:41,452 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired > {noformat} > We should log a better [message|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L456], to include more details (e.g. token type, username, tokenid) for trouble-shooting purpose. > I don't think the additional information exposed will lead to any security concern, since the token is expired anyways. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-dev-help@hadoop.apache.org