hadoop-common-issues mailing list archives

From "Jitendra Nath Pandey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14640) Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth cookie for authorization, SASKey and delegation token generation
Date Thu, 13 Jul 2017 01:19:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085013#comment-16085013 ]

Jitendra Nath Pandey commented on HADOOP-14640:
-----------------------------------------------

[~snayak], Thanks for the patch. A few comments:

The AuthenticatedURL.Token doesn't provide any interface to determine validity or expiry
time, and I believe that is the reason you are parsing out the expiry time from the token string.
It might be simpler if the SpnegoToken cache tracks its own cache-expiry time, set at the
time of creation. We could typically configure it to be smaller than the token expiry time. Keeping
the token opaque at the client is a useful property.

The check for expiry is {{expiryTime > System.currentTimeMillis() + 1000 * 60 * 5L}}. Are
you adding 5 minutes just to guarantee that the token is always accepted when the client thinks it
is valid? If that is the case, I think it might be better to have a retry where the token is
re-fetched if the call fails due to token expiry.

Minor:
Checkstyle in a few places:
1) Lines longer than 80 characters.
2) Indentation where index of local url is calculated.



> Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth cookie for authorization, SASKey and delegation token generation
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14640
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14640
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>              Labels: security
>         Attachments: HADOOP-14640.1.patch
>
>
> Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma separated list of URLs for authorization, SASKey generation and delegation token generation.
> To improve the performance, if service runs on the local machine, give it first preference over the other configured list of URLs.
> Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for every request by talking to the remote service, before making actual rest requests.
> The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests from same {{WasbRemoteCallHelper}} object until its expiry time.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
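
The two suggestions in the comment above (a cache that tracks its own expiry while the token stays opaque, and a re-fetch on rejection in place of a fixed 5-minute margin) can be sketched as follows. This is an added example, not code from the HADOOP-14640 patch or from Hadoop; OpaqueTokenCache, TokenRejectedException, the fetcher, the TTL value and the injected clock are all hypothetical names and assumptions.

```java
import java.util.function.Function;
import java.util.function.LongSupplier;
import java.util.function.Supplier;
/** Hypothetical sketch; not WasbRemoteCallHelper or the HADOOP-14640 patch. */
public class OpaqueTokenCache {
  // The caller's request throws this when the server rejects the cookie.
  public static class TokenRejectedException extends RuntimeException { }
  private final Supplier<String> fetcher; // does the SPNEGO round trip
  private final long ttlMillis;           // configured below the server-side lifetime
  private final LongSupplier clock;       // injected so expiry can be exercised
  private String token;                   // opaque: stored and sent, never parsed
  private long cacheExpiry;               // set when the token is fetched
  public OpaqueTokenCache(Supplier<String> fetcher, long ttlMillis, LongSupplier clock) {
    this.fetcher = fetcher; this.ttlMillis = ttlMillis; this.clock = clock;
  }

  private synchronized String current(boolean forceRefresh) {
    long now = clock.getAsLong();
    if (forceRefresh || token == null || now >= cacheExpiry) {
      token = fetcher.get();
      cacheExpiry = now + ttlMillis;
    }
    return token;
  }

  /** Runs the request with the cached token; re-fetches once if it is rejected. */
  public <T> T call(Function<String, T> request) {
    try {
      return request.apply(current(false));
    } catch (TokenRejectedException e) {
      return request.apply(current(true)); // a second rejection propagates
    }
  }

  public static void main(String[] args) {
    long[] now = {0L}; int[] fetches = {0}; // constructed clock and fetch counter
    OpaqueTokenCache cache = new OpaqueTokenCache(
        () -> "cookie-" + (++fetches[0]), 60_000L, () -> now[0]);
    String first = cache.call(t -> t);     // initial fetch
    now[0] = 30_000L;
    String reused = cache.call(t -> t);    // still inside the cache TTL
    now[0] = 61_000L;
    String refreshed = cache.call(t -> t); // cache TTL elapsed
    String retried = cache.call(t -> {     // server rejects the cached cookie once
      if (t.equals(refreshed)) { throw new TokenRejectedException(); }
      return t;
    });
    System.out.println(String.join(" ", first, reused, refreshed, retried));
  }
}
```

The client never reads the cookie's contents; a clock difference between client and server is absorbed by the single retry, not by padding the expiry comparison.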

