[ https://issues.apache.org/jira/browse/MAPREDUCE-3849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209557#comment-13209557
]
Hudson commented on MAPREDUCE-3849:
-----------------------------------
Integrated in Hadoop-Common-0.23-Commit #559 (See [https://builds.apache.org/job/Hadoop-Common-0.23-Commit/559/])
svn merge -c 1245099 from trunk to 0.23 FIXES MAPREDUCE-3849 Change TokenCache's reading
of the binary token file (Daryn Sharp via bobby) (Revision 1245102)
Result = SUCCESS
bobby : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1245102
Files :
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/security/TokenCache.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/test/java/org/apache/hadoop/mapreduce/security/TestTokenCache.java
> Change TokenCache's reading of the binary token file
> ----------------------------------------------------
>
> Key: MAPREDUCE-3849
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3849
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.1, 0.24.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Fix For: 0.23.2
>
> Attachments: MAPREDUCE-3849-2.patch, MAPREDUCE-3849.patch
>
>
> When obtaining the tokens for a {{FileSystem}}, the {{TokenCache}} will read the binary
token file if a token is not already in the {{Credentials}}. However, it will overwrite any
existing tokens in the {{Credentials}} with the contents of the binary token file if a single
token is missing. This may cause new tokens to be replaced with invalid/cancelled tokens
from the binary file. The new tokens will not be canceled, and thus "leak" in the namenode
until they expire.
> The binary tokens should be merged with, but not replace, existing tokens in the {{Credentials}}.
> The code that reads the binary token file is prefaced with:
> {code}
> //TODO: Need to come up with a better place to put
> //this block of code to do with reading the file
> {code}
> Also, the loading of the binary token file is the only reason that the {{TokenCache}}
has to use {{getCanonicalService}}. If this linkage can be broken, then the 1-to-1 filesystem
to token service coupling may be removed. And use of {{getCanonicalService}} can be removed
in a subsequent jira.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
|