hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-13228) Add delegation token to the connection in DelegationTokenAuthenticator
Date Wed, 01 Jun 2016 01:19:12 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Xiao Chen updated HADOOP-13228:
-------------------------------
    Attachment: HADOOP-13228.01.patch

Fix:
As talked with [~andrew.wang], given that the querystring is deprecated, we don't need to
support it in newly added functionalities. Hence, I simply put up the fix to always put the
DT to the request header, when conducting the 3 (get/renew/cancel) DT ops. The fix here is
in {{DelegationTokenAuthenticator}} because that's where the connection is created.

Test:
- Seems to me {{TestWebDelegationToken}} is the best place to test this. (HADOOP-13155 will
also test this from an end-to-end POV.
- {{TestWebDelegationToken}} currently creates a bunch of fake classes to test. To keep the
change minimal, I added a new test for using DT, and added the verification logic to the fake
server classes.
- Existing tests pass because when there's no DT, they fall back to the underlying auth handler,
which is again faked.
- I added a {{verifyHeader}} flag to control whether to check the request header or not. This
is because if we have an auth token, we don't care about DT anymore. (So all existing tests
don't need to verify header). If this is not acceptable, I think we can also create a new
DTAuthHandler stab for verifying this.
- Added a log in DTAuthHandler, which I think is super helpful for debugging this.

> Add delegation token to the connection in DelegationTokenAuthenticator
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-13228
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13228
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13228.01.patch
>
>
> Following [a comment from another jira|https://issues.apache.org/jira/browse/HADOOP-13155?focusedCommentId=15308715&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15308715],
create this to specifically handle the delegation token renewal/cancellation bug in {{DelegationTokenAuthenticatedURL}}
and {{DelegationTokenAuthenticator}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message