hadoop-common-issues mailing list archives

From "Arpit Agarwal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11567) Refresh HTTP Authentication secret without restarting the server
Date Fri, 03 Jul 2015 00:30:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14612704#comment-14612704
] 

Arpit Agarwal commented on HADOOP-11567:
----------------------------------------

Hi Benoy, my comments below.
# FileSignerSecretProvider.java:140: Close InputStream?
# FileSignerSecretProvider.java:162: Close InputStream here also?
# FileSignerSecretProvider.java:175: updateSecretsIfRequired should be synchronized right?
# FileSignerSecretProvider.java:176: Prefer using the monotonic System.nanoTime().
# FileSignerSecretProvider.java:196: Potential perf regression: we should throttle calls to
pollForSecretChange. Every call to getCurrentSecret could cause a disk operation now. Previously
it was just a read from memory.
# FileSignerSecretProvider.java:203: Same perf regression here.
# FileSignerSecretProvider.java:63: From the code below it looks like effectivetimeinmillis
must be specified as milliseconds since the epoch. That should be documented. Also do you
think we can eliminate both config settings to reduce configuration and errors. Instead use
a default system-wide transition period. Does that work for your use case?
# FileSignerSecretProvider.java:89: Can we use List<byte[]> instead of byte[][]?
# FileSignerSecretProvider.java:97: Previously we didn't throw on null. Throwing is correct
but may not be backward compatible.

Minor:
# FileSignerSecretProvider.java:104: Space after comma.
# FileSignerSecretProvider.java:10: Unnecessary change?
# FileSignerSecretProvider.java:123: Missing code to close the reader?
# FileSignerSecretProvider.java:16: Unnecessary change?
# FileSignerSecretProvider.java:175: Nitpick: Extra space before (
# FileSignerSecretProvider.java:207: Nitpick: extra newline.

> Refresh HTTP Authentication secret without restarting the server
> ----------------------------------------------------------------
>
>                 Key: HADOOP-11567
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11567
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 2.6.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>              Labels: BB2015-05-TBR
>         Attachments: HADOOP-11567-001.patch, HADOOP-11567-002.patch
>
>
> The _AuthenticationFilter_ uses the secret read from a file specified via hadoop.http.authentication.signature.secret.file to sign the cookie containing user authentication information.
> The secret is read only during initialization and hence needs a restart to update the secret.
> ZKSignerSecretProvider can be used to rotate the secrets without restarting the servers, but it needs a zookeeper setup.
> The jira is to refresh secret by updating the file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
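
An added example, not part of the original message or of the HADOOP-11567 patch: a stand-alone sketch of a file-backed signing secret that applies the points raised in the review above (synchronized refresh, throttled disk checks timed with System.nanoTime(), file handles closed, previous secret retained so already-issued cookies still verify). The class name ThrottledFileSecret and the minCheckIntervalMs parameter are hypothetical, and expiring the previous secret after a transition period is left out.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;

// Hypothetical stand-alone class; it does not extend or reproduce Hadoop's provider.
public class ThrottledFileSecret {
  private final Path file;
  private final long minCheckIntervalNanos;
  private byte[] current;        // served from memory on the hot path
  private byte[] previous;       // kept until the next rotation (assumption)
  private FileTime lastModified;
  private long lastCheckNanos;

  public ThrottledFileSecret(Path file, long minCheckIntervalMs) throws IOException {
    this.file = file;
    this.minCheckIntervalNanos = TimeUnit.MILLISECONDS.toNanos(minCheckIntervalMs);
    reload();                    // fail fast if the secret is missing at startup
    this.lastCheckNanos = System.nanoTime();
  }

  // synchronized: request threads never observe a half-applied rotation.
  public synchronized byte[] getCurrentSecret() {
    refreshIfDue();
    return current.clone();
  }

  public synchronized byte[][] getAllSecrets() {
    refreshIfDue();
    if (previous == null) return new byte[][] {current.clone()};
    return new byte[][] {current.clone(), previous.clone()};
  }

  private void refreshIfDue() {
    long now = System.nanoTime();  // monotonic; unaffected by wall-clock adjustments
    if (now - lastCheckNanos < minCheckIntervalNanos) return;  // throttled: no disk access
    lastCheckNanos = now;
    try {
      if (!Files.getLastModifiedTime(file).equals(lastModified)) reload();
    } catch (IOException e) {
      // File briefly unreadable or empty: keep signing with the last good secret.
    }
  }

  private void reload() throws IOException {
    FileTime mtime = Files.getLastModifiedTime(file);
    byte[] fresh = Files.readAllBytes(file);  // opens and closes the file itself
    if (fresh.length == 0) throw new IOException("empty secret file: " + file);
    if (!Arrays.equals(fresh, current)) { previous = current; current = fresh; }
    lastModified = mtime;
  }
}
```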
