[ https://issues.apache.org/jira/browse/HADOOP-10416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13945536#comment-13945536 ]
Tsz Wo Nicholas Sze commented on HADOOP-10416:
----------------------------------------------
Here is the behavior change:
- If the client provides a non-expired token in the request, the client will be
  authenticated by the token. The patch makes no change in this case.
- Consider the case where the client provides an expired token in the request:
  - Without the patch,
    - if anonymous is enabled, the client is authenticated as anonymous (but
      there is no token in the response; see HADOOP-10417).
    - if anonymous is disabled, the client will get
      AuthenticationException("Anonymous requests are disallowed").
  - With the patch, no matter whether anonymous is enabled or not, the user
    will be authenticated by the (expired) token.
I believe the behavior after the patch is more desirable.
> If there is an expired token, PseudoAuthenticationHandler should renew it
> -------------------------------------------------------------------------
>
> Key: HADOOP-10416
> URL: https://issues.apache.org/jira/browse/HADOOP-10416
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Tsz Wo Nicholas Sze
> Assignee: Tsz Wo Nicholas Sze
> Priority: Minor
> Attachments: c10416_20140321.patch, c10416_20140322.patch
>
>
> PseudoAuthenticationHandler currently only gets username from the "user.name"
> parameter. It should also renew expired auth token if it is available in the
> cookies.