[jira] [Commented] (HADOOP-18030) Authentication cookie will never expire by default after HADOOP-12049

Sun, 05 Dec 2021 18:59:08 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-18030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17453757#comment-17453757
 ] 

gaozhan ding commented on HADOOP-18030:
---------------------------------------

[~lmccay]  -  Thanks for your reply.

On the client side, cookie was managed by {{AuthCookieHandler}} . In the 
current implementation, it parse cookie by standard http cookie parser, which 
would ignore the above "e=1487947765114" field. I dump the memory of RM,  the 
"e" filed indicate the cookie has expired for almost one month, but it still 
used when Interact with timeline server. 

!image-2021-12-06-10-46-26-696.png!

logs in timeline server :
{code:java}
2021-12-06 02:44:44,584 WARN 
org.apache.hadoop.security.authentication.server.AuthenticationFilter: 
AuthenticationToken ignored: 
org.apache.hadoop.security.authentication.util.SignerException: Invalid 
signature
2021-12-06 02:44:44,584 ERROR 
org.apache.hadoop.yarn.server.timeline.webapp.TimelineWebServices: The owner of 
the posted timeline entities is not set {code}
 

In fact, I don't know what went wrong. Can you give me some advice? 

> Authentication cookie will never expire by default after HADOOP-12049
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-18030
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18030
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.1.0
>            Reporter: gaozhan ding
>            Priority: Major
>         Attachments: image-2021-12-06-10-46-26-696.png
>
>
> Whlie create auth cookie for client, AuthenticationFilter will add "Expires"  
> attribute for the cookie if needed. But after 
> https://issues.apache.org/jira/browse/HADOOP-12049, it never enter the code 
> block by default.
>  
>  
> {code:java}
> // AuthenticationFilter
> public static void createAuthCookie(HttpServletResponse resp, String token,
>                                     String domain, String path, long expires,
>                                     boolean isCookiePersistent,
>                                     boolean isSecure) {
>   //...
>   //By default, isCookiePersistent = false
>   if (expires >= 0 && isCookiePersistent) {
>     Date date = new Date(expires);
>     SimpleDateFormat df = new SimpleDateFormat("EEE, " +
>             "dd-MMM-yyyy HH:mm:ss zzz");
>     df.setTimeZone(TimeZone.getTimeZone("GMT"));
>     sb.append("; Expires=").append(df.format(date));
>   }
>   //...
> }{code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to