  1. Hadoop Common
  2. HADOOP-10911

hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.0
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels: None
    • Hadoop Flags: Reviewed

    Description

      I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is unable to authenticate with servers running the authentication filter), even with HADOOP-10710 applied.

      From my reading of the spec, the problem is as follows:
      Expires is not a valid directive according to the RFC, though it is mentioned for backwards compatibility with the Netscape draft spec. When httpclient sees "Expires", it parses according to the Netscape draft spec, but note from RFC2109:

      Note that the Expires date format contains embedded spaces, and that "old" cookies did not have quotes around values.

      and note that AuthenticationFilter puts quotes around the value:
      https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439

      So httpclient's parsing appears to be kosher.
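
The interaction described in this report, as an added example that is not part of the original report and is not httpclient or Hadoop code. It models a client that switches to Netscape-draft parsing when it sees Expires; the token, header strings and function names are constructed for illustration.

```python
# Simplified model of the client-side parsing the report describes.
# Assumption (from the report): an Expires attribute selects Netscape-draft
# parsing, where values are never quoted, so quote characters stay literal.

def split_attributes(header):
    """Split a Set-Cookie value on ';', ignoring ';' inside double quotes."""
    parts, buf, in_quotes = [], [], False
    for ch in header:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ';' and not in_quotes:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf).strip())
    return [p for p in parts if p]

def parse_set_cookie(header):
    """Return (spec, name, value) as the modelled client would store it."""
    parts = split_attributes(header)
    name, _, value = parts[0].partition('=')
    attr_names = {p.partition('=')[0].strip().lower() for p in parts[1:]}
    if 'expires' in attr_names:
        return 'netscape', name, value          # quotes kept as part of value
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]                     # RFC 2109 quoted-string
    return 'rfc2109', name, value

# Constructed sample data (not captured from a real server).
TOKEN = 'u=alice&p=alice&t=simple&e=1406851200000&s=PLACEHOLDER_SIGNATURE'
EXPIRES = 'Expires=Fri, 01-Aug-2014 00:00:00 GMT'
WITH_EXPIRES = f'hadoop.auth="{TOKEN}"; Version=1; Path=/; {EXPIRES}; HttpOnly'
WITH_MAX_AGE = f'hadoop.auth="{TOKEN}"; Version=1; Path=/; Max-Age=36000; HttpOnly'
UNQUOTED_EXPIRES = f'hadoop.auth={TOKEN}; Path=/; {EXPIRES}; HttpOnly'

def client_sees_original_token(header):
    """True if the value the client would send back equals the issued token."""
    return parse_set_cookie(header)[2] == TOKEN

if __name__ == '__main__':
    for label, hdr in [('quoted + Expires', WITH_EXPIRES),
                       ('quoted + Max-Age', WITH_MAX_AGE),
                       ('unquoted + Expires', UNQUOTED_EXPIRES)]:
        spec, _, value = parse_set_cookie(hdr)
        print(f'{label:20} spec={spec:9} round-trips={value == TOKEN}')
```

Only the quoted value combined with Expires fails to round-trip, which matches the combination the report points at.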

      Attachments

        1. HADOOP-10911.patch
          0.9 kB
          Gregory Chanan
        2. HADOOP-10911-tests.patch
          5 kB
          Gregory Chanan
        3. HADOOP-10911v2.patch
          14 kB
          Gregory Chanan
        4. HADOOP-10911v3.patch
          14 kB
          Gregory Chanan
        5. oozie-webconsole.stream
          16 kB
          Chris Nauroth


          People

            Assignee: Unassigned
            Reporter: Gregory Chanan (gchanan)