hadoop-common-issues mailing list archives

From "Santhosh G Nayak (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14640) Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth cookie for authorization, SASKey and delegation token generation
Date Fri, 14 Jul 2017 11:29:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Santhosh G Nayak updated HADOOP-14640:
--------------------------------------
    Attachment: HADOOP-14640.3.patch

[~jnp], I agree that token parsing makes the code tightly coupled with the token format, which
could result in parsing errors when the token format changes. It is better to treat the token as opaque,
as you suggested.

Attaching the v3 version of the patch, containing the following changes:
- The token is treated as opaque and the client sets the expiry time to be 60 mins.
- If a request fails because of an expired or invalid token, the client retries the request after re-fetching the token.

> Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth cookie for authorization, SASKey and delegation token generation
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14640
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14640
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>              Labels: security
>         Attachments: HADOOP-14640.1.patch, HADOOP-14640.2.patch, HADOOP-14640.3.patch
>
>
> Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma separated list of URLs for authorization, SASKey generation and delegation token generation.
> To improve the performance, if service runs on the local machine, give it first preference over the other configured list of URLs.
> Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for every request by talking to the remote service, before making actual rest requests.
> The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests from same {{WasbRemoteCallHelper}} object until its expiry time.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
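
The reuse-and-retry behaviour listed for the v3 patch above, as an added example that is not code from the HADOOP-14640 patch or from Hadoop: the cookie is cached as an opaque string with a client-set 60-minute expiry and re-fetched once if the service rejects it. The class name, the `Transport` interface and the use of HTTP 401 to signal an expired or invalid cookie are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import java.util.function.LongSupplier;
// Added illustration; every name here is hypothetical, not WasbRemoteCallHelper's API.
public class CachedCookieClient {
  public interface Transport {  // hypothetical: SPNEGO negotiation plus the REST call
    String fetchCookie() throws IOException;                     // expensive round trip
    int send(String request, String cookie) throws IOException;  // returns HTTP status
  }
  static final long TTL_MS = TimeUnit.MINUTES.toMillis(60);      // client-set expiry
  private final Transport transport;
  private final LongSupplier clock;
  private String cookie;      // opaque: stored and replayed, never parsed
  private long expiresAtMs;
  public CachedCookieClient(Transport t, LongSupplier clock) { this.transport = t; this.clock = clock; }
  // Re-fetch when nothing is cached, the client-side TTL has passed, or the cached
  // value is the one the service just rejected (concurrent callers then fetch once).
  private synchronized String currentCookie(String rejected) throws IOException {
    long now = clock.getAsLong();
    if (cookie == null || now >= expiresAtMs || cookie.equals(rejected)) {
      cookie = transport.fetchCookie();
      expiresAtMs = now + TTL_MS;
    }
    return cookie;
  }

  public int call(String request) throws IOException {
    String used = currentCookie(null);
    int status = transport.send(request, used);
    if (status == 401) {  // assumption: 401 means the cookie is expired or invalid
      status = transport.send(request, currentCookie(used));  // one retry, no loop
    }
    return status;
  }

  public static void main(String[] args) throws IOException {
    int[] fetches = {0}; long[] now = {0}; String[] valid = {""};  // constructed stub state
    CachedCookieClient client = new CachedCookieClient(new Transport() {
      public String fetchCookie() { return valid[0] = "cookie-" + (++fetches[0]); }
      public int send(String req, String c) { return c.equals(valid[0]) ? 200 : 401; }
    }, () -> now[0]);
    client.call("a"); client.call("b");            // second call reuses the cached cookie
    System.out.println("two calls, fetches=" + fetches[0]);
    valid[0] = "rotated-by-service";               // service invalidates the cookie early
    System.out.println("status=" + client.call("c") + " fetches=" + fetches[0]);
    now[0] += TTL_MS;                              // client-side expiry reached
    System.out.println("status=" + client.call("d") + " fetches=" + fetches[0]);
  }
}
```

The single retry bounds the damage when the failure is not an expiry at all: a request that is still rejected with a fresh cookie returns its 401 to the caller instead of triggering repeated negotiations.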
