hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Juan Yu (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HDFS-6548) AuthenticationToken will be ignored if the cookie value contains '@'
Date Tue, 17 Jun 2014 05:29:01 GMT

     [ https://issues.apache.org/jira/browse/HDFS-6548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Juan Yu resolved HDFS-6548.
---------------------------

    Resolution: Invalid

> AuthenticationToken will be ignored if the cookie value contains '@'
> --------------------------------------------------------------------
>
>                 Key: HDFS-6548
>                 URL: https://issues.apache.org/jira/browse/HDFS-6548
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Juan Yu
>            Assignee: Juan Yu
>
> if the cookie value is something like "email=xyz@abc.com", HDFS will ignore the AuthenticationToken
and reject the request.
> 2014-06-05 19:12:40,654 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter:
AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException:
Invalid signed text: u
> This is caused by fix for HADOOP-10379 Protect authentication cookies with the HttpOnly
and Secure flags
> it constructs cookie header manually instead of using Cookie class so the value is not
double quoted.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message