Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1959

HadoopAuthCookieStore should not read krb5 login config each time

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.4.0
    • None
    • None

    Description

      Currently HadoopAuthCookieStore isKnoxCookie checks the configured principal over and over again from krb5 login config file on each cookie. This is unnecessary and can be improved.

      Specifically the following section doesn't need to read the krb5 login config each time. We can do this once in the constructor. We should not expect krb5 config to change from underneath us.

              if (principal != null) {
            String krb5Config = config.getKerberosLoginConfig();
            if (krb5Config != null && !krb5Config.isEmpty()) {
              Properties p = new Properties();
              try (InputStream in = Files.newInputStream(Paths.get(krb5Config))){
                p.load(in);
                String configuredPrincipal = p.getProperty("principal");
                // Strip off enclosing quotes, if present
                if (configuredPrincipal.startsWith("\"")) {
                  configuredPrincipal = configuredPrincipal.substring(1, configuredPrincipal.length() - 1);
                }
                // Check if they're the same principal
                result = principal.equals(configuredPrincipal);
              } catch (IOException e) {
                LOG.errorReadingKerberosLoginConfig(krb5Config, e);
              }
            }
          }

      Attachments

        Issue Links

          is related to

          Sub-task - The sub-task of the issue KNOX-1962 CM discovery - Avoid reading krb5 login config multiple times

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. KNOX-1624 Ensure streams and readers are properly closed

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #124

          Activity

            People

              krisden Kevin Risden
              krisden Kevin Risden
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m