[
https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16087200#comment-16087200
]
Santhosh G Nayak edited comment on HADOOP-14640 at 7/14/17 11:29 AM:
---------------------------------------------------------------------
Thanks [~jnp].
I agree that token parsing makes code tightly coupled with the token format,
which could result in parsing errors when token format changes. It is better to
treat token as opaque as you suggested.
Attaching v3 version of the patch containing following changes -
- Token is treated as opaque and client sets the expiry time to be 60 mins.
- If request fails because of the expired or invalid token, client retries the
request after re-fetching the token.
was (Author: snayak):
[~jnp], I agree that token parsing makes code tightly coupled with the token
format, which could result in parsing errors when token format changes. It is
better to treat token as opaque as you suggested.
Attaching v3 version of the patch containing following changes -
- Token is treated as opaque and client sets the expiry time to be 60 mins.
- If request fails because of the expired or invalid token, client retries the
request after re-fetching the token.
> Azure: Support affinity for service running on localhost and reuse SPNEGO
> hadoop.auth cookie for authorization, SASKey and delegation token generation
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-14640
> URL: https://issues.apache.org/jira/browse/HADOOP-14640
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/azure
> Affects Versions: 2.9.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Labels: security
> Attachments: HADOOP-14640.1.patch, HADOOP-14640.2.patch,
> HADOOP-14640.3.patch
>
>
> Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma
> separated list of URLs for authorization, SASKey generation and delegation
> token generation.
> To improve the performance, if service runs on the local machine, give it
> first preference over the other configured list of URLs.
> Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for
> every request by talking to the remote service, before making actual rest
> requests.
> The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests
> from same {{WasbRemoteCallHelper}} object until its expiry time.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
