Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14687

AuthenticatedURL will reuse bad/expired session cookies

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.9.0, 3.0.0-beta1, 2.8.2
    • Component/s: common
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      AuthenticatedURL with kerberos was designed to perform spnego, then use a session cookie to avoid renegotiation overhead. Unfortunately the client will continue to use a cookie after it expires. Every request elicits a 401, connection closes (despite keepalive because 401 is an "error"), TGS is obtained, connection re-opened, re-requests with TGS, repeat cycle. This places a strain on the kdc and creates lots of time_wait sockets.

      The main problem is unbeknownst to the auth url, the JDK transparently does spnego. The server issues a new cookie but the auth url doesn't scrape the cookie from the response because it doesn't know the JDK re-authenticated.

      1. HADOOP-14687.trunk.patch
        28 kB
        Daryn Sharp
      2. HADOOP-14687.branch-2.8.patch
        29 kB
        Daryn Sharp
      3. HADOOP-14687.2.trunk.patch
        29 kB
        Daryn Sharp

        Activity

        Hide
        daryn Daryn Sharp added a comment -

        This issue has caused RMs to congest sending events to the ATS. Fields in the ATS contain nulls until the congested event is posted – sometimes minutes, or even hours later under heavier load.

        Show
        daryn Daryn Sharp added a comment - This issue has caused RMs to congest sending events to the ATS. Fields in the ATS contain nulls until the congested event is posted – sometimes minutes, or even hours later under heavier load.
        Hide
        daryn Daryn Sharp added a comment -

        The most straightforward approach is attaching a cookie handler to the http connections to ensure the cookie is captured for all requests including when the jdk transparently re-authenticates. Clients never have to explicitly manage the cookie.

        Show
        daryn Daryn Sharp added a comment - The most straightforward approach is attaching a cookie handler to the http connections to ensure the cookie is captured for all requests including when the jdk transparently re-authenticates. Clients never have to explicitly manage the cookie.
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 17s Docker mode activated.
              Prechecks
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
              trunk Compile Tests
        0 mvndep 0m 8s Maven dependency ordering for branch
        +1 mvninstall 15m 15s trunk passed
        +1 compile 14m 51s trunk passed
        +1 checkstyle 0m 40s trunk passed
        +1 mvnsite 2m 0s trunk passed
        +1 findbugs 2m 0s trunk passed
        +1 javadoc 1m 10s trunk passed
              Patch Compile Tests
        0 mvndep 0m 8s Maven dependency ordering for patch
        +1 mvninstall 0m 56s the patch passed
        +1 compile 11m 41s the patch passed
        +1 javac 11m 41s the patch passed
        -0 checkstyle 0m 41s hadoop-common-project: The patch generated 9 new + 69 unchanged - 2 fixed = 78 total (was 71)
        +1 mvnsite 1m 52s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        -1 findbugs 0m 42s hadoop-common-project/hadoop-auth generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
        +1 javadoc 1m 12s the patch passed
              Other Tests
        +1 unit 2m 48s hadoop-auth in the patch passed.
        -1 unit 8m 40s hadoop-common in the patch failed.
        +1 asflicense 0m 34s The patch does not generate ASF License warnings.
        71m 33s



        Reason Tests
        FindBugs module:hadoop-common-project/hadoop-auth
          org.apache.hadoop.security.authentication.client.AuthenticatedURL$Token.toString() may return null Returned at AuthenticatedURL.java:Returned at AuthenticatedURL.java:[line 252]
        Failed junit tests hadoop.ipc.TestRPC
          hadoop.security.TestKDiag
          hadoop.net.TestDNS



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:14b5c93
        JIRA Issue HADOOP-14687
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12882590/HADOOP-14687.trunk.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux feda7af97c0c 3.13.0-117-generic #164-Ubuntu SMP Fri Apr 7 11:05:26 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / e05fa34
        Default Java 1.8.0_144
        findbugs v3.1.0-RC1
        checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/artifact/patchprocess/diff-checkstyle-hadoop-common-project.txt
        findbugs https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/artifact/patchprocess/new-findbugs-hadoop-common-project_hadoop-auth.html
        unit https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/testReport/
        modules C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common U: hadoop-common-project
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/console
        Powered by Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 17s Docker mode activated.       Prechecks +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.       trunk Compile Tests 0 mvndep 0m 8s Maven dependency ordering for branch +1 mvninstall 15m 15s trunk passed +1 compile 14m 51s trunk passed +1 checkstyle 0m 40s trunk passed +1 mvnsite 2m 0s trunk passed +1 findbugs 2m 0s trunk passed +1 javadoc 1m 10s trunk passed       Patch Compile Tests 0 mvndep 0m 8s Maven dependency ordering for patch +1 mvninstall 0m 56s the patch passed +1 compile 11m 41s the patch passed +1 javac 11m 41s the patch passed -0 checkstyle 0m 41s hadoop-common-project: The patch generated 9 new + 69 unchanged - 2 fixed = 78 total (was 71) +1 mvnsite 1m 52s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. -1 findbugs 0m 42s hadoop-common-project/hadoop-auth generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) +1 javadoc 1m 12s the patch passed       Other Tests +1 unit 2m 48s hadoop-auth in the patch passed. -1 unit 8m 40s hadoop-common in the patch failed. +1 asflicense 0m 34s The patch does not generate ASF License warnings. 71m 33s Reason Tests FindBugs module:hadoop-common-project/hadoop-auth   org.apache.hadoop.security.authentication.client.AuthenticatedURL$Token.toString() may return null Returned at AuthenticatedURL.java:Returned at AuthenticatedURL.java: [line 252] Failed junit tests hadoop.ipc.TestRPC   hadoop.security.TestKDiag   hadoop.net.TestDNS Subsystem Report/Notes Docker Image:yetus/hadoop:14b5c93 JIRA Issue HADOOP-14687 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12882590/HADOOP-14687.trunk.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux feda7af97c0c 3.13.0-117-generic #164-Ubuntu SMP Fri Apr 7 11:05:26 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / e05fa34 Default Java 1.8.0_144 findbugs v3.1.0-RC1 checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/artifact/patchprocess/diff-checkstyle-hadoop-common-project.txt findbugs https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/artifact/patchprocess/new-findbugs-hadoop-common-project_hadoop-auth.html unit https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/testReport/ modules C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common U: hadoop-common-project Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/13069/console Powered by Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        daryn Daryn Sharp added a comment -

        I'm a bit confused about the findbugs. It formerly also very clearly returned null but wasn't flagged? I can make it return empty string but I'm always leery of changing behaviors of code in comon...

        The test failures are completely unrelated.

        Show
        daryn Daryn Sharp added a comment - I'm a bit confused about the findbugs. It formerly also very clearly returned null but wasn't flagged? I can make it return empty string but I'm always leery of changing behaviors of code in comon... The test failures are completely unrelated.
        Hide
        daryn Daryn Sharp added a comment -

        Fixed findbugs. Return empty string instead of null. A few style things like unused imports. De-immortalized myself (removed my initials from some log lines).

        Show
        daryn Daryn Sharp added a comment - Fixed findbugs. Return empty string instead of null. A few style things like unused imports. De-immortalized myself (removed my initials from some log lines).
        Hide
        hadoopqa Hadoop QA added a comment -
        +1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 37s Docker mode activated.
              Prechecks
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
              trunk Compile Tests
        0 mvndep 0m 22s Maven dependency ordering for branch
        +1 mvninstall 14m 42s trunk passed
        +1 compile 15m 23s trunk passed
        +1 checkstyle 0m 41s trunk passed
        +1 mvnsite 1m 56s trunk passed
        +1 findbugs 1m 59s trunk passed
        +1 javadoc 1m 13s trunk passed
              Patch Compile Tests
        0 mvndep 0m 8s Maven dependency ordering for patch
        +1 mvninstall 1m 8s the patch passed
        +1 compile 12m 6s the patch passed
        +1 javac 12m 6s the patch passed
        -0 checkstyle 0m 41s hadoop-common-project: The patch generated 4 new + 69 unchanged - 2 fixed = 73 total (was 71)
        +1 mvnsite 1m 55s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 2m 17s the patch passed
        +1 javadoc 1m 12s the patch passed
              Other Tests
        +1 unit 3m 12s hadoop-auth in the patch passed.
        +1 unit 9m 0s hadoop-common in the patch passed.
        +1 asflicense 0m 30s The patch does not generate ASF License warnings.
        73m 22s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:14b5c93
        JIRA Issue HADOOP-14687
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12882676/HADOOP-14687.2.trunk.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux a216ddf50be0 3.13.0-119-generic #166-Ubuntu SMP Wed May 3 12:18:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / 2d105a2
        Default Java 1.8.0_144
        findbugs v3.1.0-RC1
        checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/13072/artifact/patchprocess/diff-checkstyle-hadoop-common-project.txt
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/13072/testReport/
        modules C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common U: hadoop-common-project
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/13072/console
        Powered by Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 37s Docker mode activated.       Prechecks +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.       trunk Compile Tests 0 mvndep 0m 22s Maven dependency ordering for branch +1 mvninstall 14m 42s trunk passed +1 compile 15m 23s trunk passed +1 checkstyle 0m 41s trunk passed +1 mvnsite 1m 56s trunk passed +1 findbugs 1m 59s trunk passed +1 javadoc 1m 13s trunk passed       Patch Compile Tests 0 mvndep 0m 8s Maven dependency ordering for patch +1 mvninstall 1m 8s the patch passed +1 compile 12m 6s the patch passed +1 javac 12m 6s the patch passed -0 checkstyle 0m 41s hadoop-common-project: The patch generated 4 new + 69 unchanged - 2 fixed = 73 total (was 71) +1 mvnsite 1m 55s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 2m 17s the patch passed +1 javadoc 1m 12s the patch passed       Other Tests +1 unit 3m 12s hadoop-auth in the patch passed. +1 unit 9m 0s hadoop-common in the patch passed. +1 asflicense 0m 30s The patch does not generate ASF License warnings. 73m 22s Subsystem Report/Notes Docker Image:yetus/hadoop:14b5c93 JIRA Issue HADOOP-14687 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12882676/HADOOP-14687.2.trunk.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux a216ddf50be0 3.13.0-119-generic #166-Ubuntu SMP Wed May 3 12:18:55 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 2d105a2 Default Java 1.8.0_144 findbugs v3.1.0-RC1 checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/13072/artifact/patchprocess/diff-checkstyle-hadoop-common-project.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/13072/testReport/ modules C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common U: hadoop-common-project Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/13072/console Powered by Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        jlowe Jason Lowe added a comment -

        Thanks for the patch!

        Wondering if it is worth protecting the code from a case where someone tries to set the same cookie redundantly. Looks like the code will reduce the max age of the cookie each time. Seems like a simple "is this the same cookie we already have" check before we lower the max age could make it do something sane in that unexpected case.

        Otherwise patch looks good to me.

        Show
        jlowe Jason Lowe added a comment - Thanks for the patch! Wondering if it is worth protecting the code from a case where someone tries to set the same cookie redundantly. Looks like the code will reduce the max age of the cookie each time. Seems like a simple "is this the same cookie we already have" check before we lower the max age could make it do something sane in that unexpected case. Otherwise patch looks good to me.
        Hide
        daryn Daryn Sharp added a comment -

        I think it's fine because the api to explicitly set the value isn't public and the former behavior wouldn't preserve, expose, or even parse metadata like the expiration time. Even if the non-public api is invoked multiple times, the artificial reduction in lifetime does not have a cumulative effect. It's relative to the current moment in time.

        Show
        daryn Daryn Sharp added a comment - I think it's fine because the api to explicitly set the value isn't public and the former behavior wouldn't preserve, expose, or even parse metadata like the expiration time. Even if the non-public api is invoked multiple times, the artificial reduction in lifetime does not have a cumulative effect. It's relative to the current moment in time.
        Hide
        jlowe Jason Lowe added a comment -

        Thanks for clarifying.

        +1 lgtm. I'll commit this later today if there are no objections.

        Show
        jlowe Jason Lowe added a comment - Thanks for clarifying. +1 lgtm. I'll commit this later today if there are no objections.
        Hide
        daryn Daryn Sharp added a comment -

        Conflicts in 2.8 essentially due to logging (2.8 didn't have a logger).

        Show
        daryn Daryn Sharp added a comment - Conflicts in 2.8 essentially due to logging (2.8 didn't have a logger).
        Hide
        hadoopqa Hadoop QA added a comment -
        +1 overall



        Vote Subsystem Runtime Comment
        0 reexec 17m 4s Docker mode activated.
              Prechecks
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
              branch-2.8 Compile Tests
        0 mvndep 1m 22s Maven dependency ordering for branch
        +1 mvninstall 7m 49s branch-2.8 passed
        +1 compile 5m 59s branch-2.8 passed with JDK v1.8.0_144
        +1 compile 6m 59s branch-2.8 passed with JDK v1.7.0_151
        +1 checkstyle 0m 26s branch-2.8 passed
        +1 mvnsite 1m 18s branch-2.8 passed
        +1 findbugs 2m 6s branch-2.8 passed
        +1 javadoc 0m 51s branch-2.8 passed with JDK v1.8.0_144
        +1 javadoc 1m 1s branch-2.8 passed with JDK v1.7.0_151
              Patch Compile Tests
        0 mvndep 0m 8s Maven dependency ordering for patch
        +1 mvninstall 0m 54s the patch passed
        +1 compile 5m 49s the patch passed with JDK v1.8.0_144
        +1 javac 5m 49s the patch passed
        +1 compile 6m 50s the patch passed with JDK v1.7.0_151
        +1 javac 6m 50s the patch passed
        +1 checkstyle 0m 24s hadoop-common-project: The patch generated 0 new + 72 unchanged - 2 fixed = 72 total (was 74)
        +1 mvnsite 1m 19s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 2m 28s the patch passed
        +1 javadoc 0m 50s the patch passed with JDK v1.8.0_144
        +1 javadoc 0m 59s the patch passed with JDK v1.7.0_151
              Other Tests
        +1 unit 4m 24s hadoop-auth in the patch passed with JDK v1.7.0_151.
        +1 unit 8m 2s hadoop-common in the patch passed with JDK v1.7.0_151.
        +1 asflicense 0m 24s The patch does not generate ASF License warnings.
        93m 25s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:d946387
        JIRA Issue HADOOP-14687
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12883133/HADOOP-14687.branch-2.8.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux 7b9293b52d3b 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision branch-2.8 / 3f735ad
        Default Java 1.7.0_151
        Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_144 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_151
        findbugs v3.0.0
        JDK v1.7.0_151 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/13092/testReport/
        modules C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common U: hadoop-common-project
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/13092/console
        Powered by Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 17m 4s Docker mode activated.       Prechecks +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.       branch-2.8 Compile Tests 0 mvndep 1m 22s Maven dependency ordering for branch +1 mvninstall 7m 49s branch-2.8 passed +1 compile 5m 59s branch-2.8 passed with JDK v1.8.0_144 +1 compile 6m 59s branch-2.8 passed with JDK v1.7.0_151 +1 checkstyle 0m 26s branch-2.8 passed +1 mvnsite 1m 18s branch-2.8 passed +1 findbugs 2m 6s branch-2.8 passed +1 javadoc 0m 51s branch-2.8 passed with JDK v1.8.0_144 +1 javadoc 1m 1s branch-2.8 passed with JDK v1.7.0_151       Patch Compile Tests 0 mvndep 0m 8s Maven dependency ordering for patch +1 mvninstall 0m 54s the patch passed +1 compile 5m 49s the patch passed with JDK v1.8.0_144 +1 javac 5m 49s the patch passed +1 compile 6m 50s the patch passed with JDK v1.7.0_151 +1 javac 6m 50s the patch passed +1 checkstyle 0m 24s hadoop-common-project: The patch generated 0 new + 72 unchanged - 2 fixed = 72 total (was 74) +1 mvnsite 1m 19s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 2m 28s the patch passed +1 javadoc 0m 50s the patch passed with JDK v1.8.0_144 +1 javadoc 0m 59s the patch passed with JDK v1.7.0_151       Other Tests +1 unit 4m 24s hadoop-auth in the patch passed with JDK v1.7.0_151. +1 unit 8m 2s hadoop-common in the patch passed with JDK v1.7.0_151. +1 asflicense 0m 24s The patch does not generate ASF License warnings. 93m 25s Subsystem Report/Notes Docker Image:yetus/hadoop:d946387 JIRA Issue HADOOP-14687 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12883133/HADOOP-14687.branch-2.8.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux 7b9293b52d3b 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision branch-2.8 / 3f735ad Default Java 1.7.0_151 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_144 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_151 findbugs v3.0.0 JDK v1.7.0_151 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/13092/testReport/ modules C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common U: hadoop-common-project Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/13092/console Powered by Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        jlowe Jason Lowe added a comment -

        +1 for the branch-2.8 patch as well. Committing this.

        Show
        jlowe Jason Lowe added a comment - +1 for the branch-2.8 patch as well. Committing this.
        Hide
        jlowe Jason Lowe added a comment -

        Thanks, Daryn! I committed this to trunk, branch-2, branch-2.8, and branch-2.8.2.

        Show
        jlowe Jason Lowe added a comment - Thanks, Daryn! I committed this to trunk, branch-2, branch-2.8, and branch-2.8.2.
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #12228 (See https://builds.apache.org/job/Hadoop-trunk-Commit/12228/)
        HADOOP-14687. AuthenticatedURL will reuse bad/expired session cookies. (jlowe: rev c3793102121767c46091805eae65ef3919a5f368)

        • (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/AuthenticatedURL.java
        • (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServerWithSpengo.java
        • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
        • (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
        • (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/PseudoAuthenticator.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #12228 (See https://builds.apache.org/job/Hadoop-trunk-Commit/12228/ ) HADOOP-14687 . AuthenticatedURL will reuse bad/expired session cookies. (jlowe: rev c3793102121767c46091805eae65ef3919a5f368) (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/AuthenticatedURL.java (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServerWithSpengo.java (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/PseudoAuthenticator.java

          People

          • Assignee:
            daryn Daryn Sharp
            Reporter:
            daryn Daryn Sharp
          • Votes:
            0 Vote for this issue
            Watchers:
            15 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development