hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3639) JspHelper#getUGI should always verify the token if security is enabled
Date Wed, 18 Jul 2012 05:20:35 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13416871#comment-13416871

Aaron T. Myers commented on HDFS-3639:

bq. Perhaps we should have a version of this function used by the NN that requires the the
name.node attribute be set and another version used by the NN that doesn't verify the token?

That would be fine. Or break out the token verification from the getUGI function, and have
the NN code path explicitly call some separate verifyToken function before calling getUGI.
> JspHelper#getUGI should always verify the token if security is enabled
> ----------------------------------------------------------------------
>                 Key: HDFS-3639
>                 URL: https://issues.apache.org/jira/browse/HDFS-3639
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.0.0, 2.0.0-alpha
>            Reporter: Eli Collins
>            Assignee: Eli Collins
>            Priority: Minor
>             Fix For: 1.2.0, 2.1.0-alpha
>         Attachments: hdfs-3639-b1.txt, hdfs-3639.txt
> JspHelper#getUGI on verifies the given token if the context and nn are set (added in
HDFS-2416). We should unconditionally verifyToken the token, ie a bug where "name.node" is
not set in the context object should not result in not verifying the token. In practice this
shouldn't be an issue as per HDFS-3434 the context and NN should never be null.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message