[jira] [Commented] (HADOOP-14640) Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth cookie for authorization, SASKey and delegation token generation

[Jitendra Nath Pandey (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085974#comment-16085974
 ] 

Jitendra Nath Pandey commented on HADOOP-14640:
-----------------------------------------------

[~snayak], the only concern I have is that token parsing makes this code 
tightly coupled with the token format. In other words, if the token format 
changes this code will break, and, it is not easy to have client and server 
upgrade at the same time. Effectively, any token format change will become an 
incompatible change and hence unacceptable in a minor release.
  Do you believe, in this case token format is unlikely to change until next 
major release?

As you rightly pointed out, that because of time differences in machines there 
is a possibility of using expired tokens, even with proactivity of 5 mins. 
Therefore, a retry is desirable, but that can be done as an improvement in a 
later jira. 

Thanks for fixing other issues.

> Azure: Support affinity for service running on localhost and reuse SPNEGO 
> hadoop.auth cookie for authorization, SASKey and delegation token generation
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14640
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14640
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>              Labels: security
>         Attachments: HADOOP-14640.1.patch, HADOOP-14640.2.patch
>
>
> Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma 
> separated list of URLs for authorization, SASKey generation and delegation 
> token generation.
> To improve the performance, if service runs on the local machine, give it 
> first preference over the other configured list of URLs. 
> Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for 
> every request by talking to the remote service, before making actual rest 
> requests.
> The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests 
> from same {{WasbRemoteCallHelper}} object until its expiry time. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org