[jira] [Updated] (HADOOP-13228) Add delegation token to the connection in DelegationTokenAuthenticator

[Xiao Chen (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-13228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiao Chen updated HADOOP-13228:
-------------------------------
    Attachment: HADOOP-13228.01.patch

Fix:
As talked with [~andrew.wang], given that the querystring is deprecated, we 
don't need to support it in newly added functionalities. Hence, I simply put up 
the fix to always put the DT to the request header, when conducting the 3 
(get/renew/cancel) DT ops. The fix here is in {{DelegationTokenAuthenticator}} 
because that's where the connection is created.

Test:
- Seems to me {{TestWebDelegationToken}} is the best place to test this. 
(HADOOP-13155 will also test this from an end-to-end POV.
- {{TestWebDelegationToken}} currently creates a bunch of fake classes to test. 
To keep the change minimal, I added a new test for using DT, and added the 
verification logic to the fake server classes.
- Existing tests pass because when there's no DT, they fall back to the 
underlying auth handler, which is again faked.
- I added a {{verifyHeader}} flag to control whether to check the request 
header or not. This is because if we have an auth token, we don't care about DT 
anymore. (So all existing tests don't need to verify header). If this is not 
acceptable, I think we can also create a new DTAuthHandler stab for verifying 
this.
- Added a log in DTAuthHandler, which I think is super helpful for debugging 
this.

> Add delegation token to the connection in DelegationTokenAuthenticator
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-13228
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13228
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13228.01.patch
>
>
> Following [a comment from another 
> jira|https://issues.apache.org/jira/browse/HADOOP-13155?focusedCommentId=15308715&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15308715],
>  create this to specifically handle the delegation token renewal/cancellation 
> bug in {{DelegationTokenAuthenticatedURL}} and 
> {{DelegationTokenAuthenticator}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org