[ https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085013#comment-16085013 ]
Jitendra Nath Pandey commented on HADOOP-14640: ----------------------------------------------- [~snayak], Thanks for the patch. A few comments: The AuthenthicationURL.Token doesn't provide any interface to determine validity or expiry time, and I believe that is the reason you are parsing out the expiry time from token string. It might be simpler if the SpnegoToken cache tracks its own cache-expiry time, set at the time of creation. We could typically configure it to be smaller than token expiry time. Keeping the token opaque at the client is a useful property. The check for expiry is {{expiryTime > System.currentTimeMillis() + 1000 * 60 * 5L}}. Are you adding 5 minutes just to guarantee that token is always accepted when client thinks it is valid? If that is the case, I think, it might be better to have a re-try where token is re-fetched if call fails due to token expiry. Minor: Checkstyle in a few place: 1) Lines longer than 80 characters. 2) Indentation where index of local url is calculated. > Azure: Support affinity for service running on localhost and reuse SPNEGO > hadoop.auth cookie for authorization, SASKey and delegation token generation > ------------------------------------------------------------------------------------------------------------------------------------------------------ > > Key: HADOOP-14640 > URL: https://issues.apache.org/jira/browse/HADOOP-14640 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/azure > Affects Versions: 2.9.0 > Reporter: Santhosh G Nayak > Assignee: Santhosh G Nayak > Labels: security > Attachments: HADOOP-14640.1.patch > > > Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma > separated list of URLs for authorization, SASKey generation and delegation > token generation. > To improve the performance, if service runs on the local machine, give it > first preference over the other configured list of URLs. > Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for > every request by talking to the remote service, before making actual rest > requests. > The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests > from same {{WasbRemoteCallHelper}} object until its expiry time. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org