hadoop-common-issues mailing list archives

From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HADOOP-13474) Add more details in the log when a token is expired
Date Tue, 06 Jun 2017 22:19:18 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiao Chen resolved HADOOP-13474.
--------------------------------
    Resolution: Won't Fix

With more understanding around this area, I think this jira is not necessary.
This is because AuthenticationFilter is usually passing the authentication further down to
the authentication handler, and that's where we should log more.
Will cover that in HADOOP-13174, so closing this one.

> Add more details in the log when a token is expired
> ---------------------------------------------------
>
>                 Key: HADOOP-13474
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13474
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13474.01.patch
>
>
> Currently when there's an expired token, we see this from the log:
> {noformat}
> 2016-08-06 07:13:20,807 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> 2016-08-06 09:55:48,665 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> 2016-08-06 10:01:41,452 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> {noformat}
> We should log a better [message|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L456], to include more details (e.g. token type, username, tokenid) for trouble-shooting purpose.
> I don't think the additional information exposed will lead to any security concern, since the token is expired anyways.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
