Return-Path: Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: (qmail 18566 invoked from network); 12 May 2010 01:00:06 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 12 May 2010 01:00:06 -0000 Received: (qmail 84068 invoked by uid 500); 12 May 2010 01:00:06 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 84032 invoked by uid 500); 12 May 2010 01:00:06 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 84024 invoked by uid 99); 12 May 2010 01:00:06 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 May 2010 01:00:06 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 May 2010 01:00:03 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o4C0xfiI014093 for ; Wed, 12 May 2010 00:59:42 GMT Message-ID: <712077.17441273625981928.JavaMail.jira@thor> Date: Tue, 11 May 2010 20:59:41 -0400 (EDT) From: "Hadoop QA (JIRA)" To: common-issues@hadoop.apache.org Subject: [jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization In-Reply-To: <1496415630.416121266718707899.JavaMail.jira@brutus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866414#action_12866414 ] Hadoop QA commented on HADOOP-6581: ----------------------------------- +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12444264/c6581-16.patch against trunk revision 941662. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/console This message is automatically generated. > Add authenticated TokenIdentifiers to UGI so that they can be used for authorization > ------------------------------------------------------------------------------------ > > Key: HADOOP-6581 > URL: https://issues.apache.org/jira/browse/HADOOP-6581 > Project: Hadoop Common > Issue Type: New Feature > Components: ipc, security > Reporter: Kan Zhang > Assignee: Kan Zhang > Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch > > > When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.