[
https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085013#comment-16085013
]
Jitendra Nath Pandey commented on HADOOP-14640:
-----------------------------------------------
[~snayak], Thanks for the patch. A few comments:
The AuthenthicationURL.Token doesn't provide any interface to determine
validity or expiry time, and I believe that is the reason you are parsing out
the expiry time from token string. It might be simpler if the SpnegoToken cache
tracks its own cache-expiry time, set at the time of creation. We could
typically configure it to be smaller than token expiry time. Keeping the token
opaque at the client is a useful property.
The check for expiry is {{expiryTime > System.currentTimeMillis() + 1000 * 60 *
5L}}. Are you adding 5 minutes just to guarantee that token is always accepted
when client thinks it is valid? If that is the case, I think, it might be
better to have a re-try where token is re-fetched if call fails due to token
expiry.
Minor:
Checkstyle in a few place:
1) Lines longer than 80 characters.
2) Indentation where index of local url is calculated.
> Azure: Support affinity for service running on localhost and reuse SPNEGO
> hadoop.auth cookie for authorization, SASKey and delegation token generation
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-14640
> URL: https://issues.apache.org/jira/browse/HADOOP-14640
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/azure
> Affects Versions: 2.9.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Labels: security
> Attachments: HADOOP-14640.1.patch
>
>
> Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma
> separated list of URLs for authorization, SASKey generation and delegation
> token generation.
> To improve the performance, if service runs on the local machine, give it
> first preference over the other configured list of URLs.
> Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for
> every request by talking to the remote service, before making actual rest
> requests.
> The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests
> from same {{WasbRemoteCallHelper}} object until its expiry time.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
