[
https://issues.apache.org/jira/browse/HADOOP-12929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15202234#comment-15202234
]
Benoy Antony commented on HADOOP-12929:
---------------------------------------
The patch Looks good, Larry.
Comments below:
# The check "expires != null" is redundant. If "expires" is null , the first
condition will be true and second condition will not be evaluated. If the
second condition is evaluated, then we can be sure that"expires" is not null,
which makes it redundant.
# In line #199 , the variable username is unused. This is not related to the
patch , but good to clean up.
# Similarly in TestJWTRedirectAuthentictionHandler.java, the variable at line #
475 is unused.
# In TestJWTRedirectAuthentictionHandler, there are many unused inputs.
> JWTRedirectAuthenticationHandler must accommodate null expiration time
> ----------------------------------------------------------------------
>
> Key: HADOOP-12929
> URL: https://issues.apache.org/jira/browse/HADOOP-12929
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Larry McCay
> Assignee: Larry McCay
> Attachments: HADOOP-12929-001.patch, HADOOP-12929-002.patch
>
>
> The underlying JWT token within the hadoop-jwt cookie should be able to have
> no expiration time. This allows the token lifecycle to be the same as the
> cookie that contains it.
> Current validation processing of the token interprets the absence of an
> expiration time as requiring a new token to be acquired. JWT itself considers
> the exp to be an optional claim. As such, this patch will change the
> processing to accept a null expiration as valid for as long as the cookie is
> presented.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
