Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10911

hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.0
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is unable to authenticate with servers running the authentication filter), even with HADOOP-10710 applied.

      From my reading of the spec, the problem is as follows:
      Expires is not a valid directive according to the RFC, though it is mentioned for backwards compatibility with netscape draft spec. When httpclient sees "Expires", it parses according to the netscape draft spec, but note from RFC2109:

      Note that the Expires date format contains embedded spaces, and that "old" cookies did not have quotes around values. 
      

      and note that AuthenticationFilter puts quotes around the value:
      https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439

      So httpclient's parsing appears to be kosher.

        Attachments

        1. oozie-webconsole.stream
          16 kB
          Chris Nauroth
        2. HADOOP-10911v3.patch
          14 kB
          Gregory Chanan
        3. HADOOP-10911v2.patch
          14 kB
          Gregory Chanan
        4. HADOOP-10911-tests.patch
          5 kB
          Gregory Chanan
        5. HADOOP-10911.patch
          0.9 kB
          Gregory Chanan

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                gchanan Gregory Chanan
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: