[
https://issues.apache.org/jira/browse/HADOOP-7510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13114454#comment-13114454
]
Suresh Srinivas commented on HADOOP-7510:
-----------------------------------------
# FileSystem#getCanonicalServiceName()
#* "The token will not attempt to acquire tokens if the service is null." Needs
rewording.
#* getCanonicalServiceName() is poorly named and we are tightly coupling token
semantics with it. I know this is backward incompatible, but given that you
have changed the semantics to return token service name, should the method name
change to getTokenServiceName() or perhaps add a new method leaving the existing
method as it is?
#* There is a link to buildDTServiceName(). It returns null service name, if
the authority name is null. Yet getCanonicalServiceName() is saying if file
system does not implement tokens, it returns null. Does that mean any file
system that has null authority does not support tokens? This is somewhat
taking cache implementation that we have and trying to define the API behavior.
#* "@see {@link SecurityUtil#buildDTServiceName(URI, int)}" should be "@see
SecurityUtil#buildDTServiceName(URI, int)"
# HftpFileSystem.java - minor - You just need one copy of
HftpDelegationTokenSelector and HDFSDelegationTo
# SecurityUtil.java
#* getTokenServiceAddr(), buildDTServiceName(), buildTokenService() should use
makeSocketAddress()?
# Why is NetUtils#getConnectAddress() changed to use makeSocketAddress()?
# DFSClient.java
#* Datanodes make use of block tokens and not delegation tokens. Do you need to
call makeSocketAddr() for datanode proxy?
# MiniDFSCluster
#* Please add detail about config param use_ip in "//NOTE: the following is
only true if use_ip=true"
# HftpFileSystem.java
#* Get rid of TODO: from the comment
#* selectHdfsDelegationToken, selectHftpDelegationToken unnecessarily declare
throws IOException
# TestNetUtils
#* There is no need to catch UnknownHostException and ignore it in a couple of
places
Additional question:
How does token cache functionality work given an IP address in the URI? A token
with a hostname that already exists in the token cache will not match the URI that
has an IP address, right? If so, that is a changed behavior from the previous
implementation.
> Tokens should use original hostname provided instead of ip
> ----------------------------------------------------------
>
> Key: HADOOP-7510
> URL: https://issues.apache.org/jira/browse/HADOOP-7510
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Fix For: 0.20.205.0
>
> Attachments: HADOOP-7510-10.patch, HADOOP-7510-2.patch,
> HADOOP-7510-3.patch, HADOOP-7510-4.patch, HADOOP-7510-5.patch,
> HADOOP-7510-6.patch, HADOOP-7510-8.patch, HADOOP-7510-9.patch,
> HADOOP-7510.patch
>
>
> Tokens currently store the ip:port of the remote server. This precludes
> tokens from being used after a host's ip is changed. Tokens should store the
> hostname used to make the RPC connection. This will enable new processes to
> use their existing tokens.
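
The issue description and the additional question above both turn on what string a token is keyed by. The following is an added illustration, not code from the Hadoop patch: a simplified model in which a token cache is looked up by exact service string. The class, the method names `buildService` and `lookup`, the host `nn.example.test` and the addresses are all hypothetical, and the DNS map is constructed so the example runs offline.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Hadoop code. All names and values here are hypothetical.
public class TokenServiceDemo {
    // Constructed stand-in for DNS so the example needs no network access.
    static final Map<String, String> dns = new HashMap<>();
    // Token cache keyed by the exact service string stored with the token.
    static final Map<String, String> tokenCache = new HashMap<>();

    // Build the service key either as "ip:port" (resolve the host first)
    // or as "host:port" (keep whatever host the URI was given with).
    static String buildService(URI uri, boolean useIp) {
        String host = uri.getHost();
        if (useIp) {
            host = dns.getOrDefault(host, host); // an IP literal maps to itself
        }
        return host + ":" + uri.getPort();
    }

    // Returns the cached token for the URI, or null when no key matches.
    static String lookup(URI uri, boolean useIp) {
        return tokenCache.get(buildService(uri, useIp));
    }

    public static void main(String[] args) {
        URI byName = URI.create("hdfs://nn.example.test:8020");
        URI byIp = URI.create("hdfs://10.0.0.2:8020");

        // Case 1: token keyed by ip:port, then the host's IP changes.
        dns.put("nn.example.test", "10.0.0.1");
        tokenCache.put(buildService(byName, true), "token-A");
        dns.put("nn.example.test", "10.0.0.2");
        System.out.println("ip key, after IP change:   " + lookup(byName, true));

        // Case 2: token keyed by the hostname used to make the connection.
        tokenCache.clear();
        tokenCache.put(buildService(byName, false), "token-B");
        System.out.println("host key, after IP change: " + lookup(byName, false));

        // Case 3: same hostname-keyed cache, but the URI carries the IP address.
        System.out.println("host key, URI has IP:      " + lookup(byIp, false));
    }
}
```

In this model the first and third lookups miss and only the second finds its token, which is the trade-off the description and the additional question each point at.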