[ https://issues.apache.org/jira/browse/HADOOP-10416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13946229#comment-13946229 ]

Alejandro Abdelnur commented on HADOOP-10416:
---------------------------------------------

[~szetszwo], I don't think the proposed patch is correct. The auth-cookie is set 
by the AuthenticationFilter when a handler authenticates the user. The purpose 
of the cookie is not to trigger authentication every time (we assume 
authentication is expensive). Once the cookie expires, the user must present 
again his/her/its credentials (in the case of pseudo via user.name query string 
parameter). Using the cookie itself as the credentials is wrong.

> If there is an expired token, PseudoAuthenticationHandler should renew it
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-10416
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10416
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Tsz Wo Nicholas Sze
>            Assignee: Tsz Wo Nicholas Sze
>            Priority: Minor
>         Attachments: c10416_20140321.patch, c10416_20140322.patch
>
>
> PseudoAuthenticationHandler currently only gets username from the "user.name" 
> parameter.  It should also renew expired auth token if it is available in the 
> cookies.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
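
The cookie lifecycle described in the comment above, as an added example; it is not part of the original message and is not Hadoop's code. The class `AuthCookieDemo`, the token layout, the secret and the lifetime are all constructed for illustration: a valid cookie skips authentication, and an expired one forces the client to present credentials again instead of being renewed from its own contents.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
// Simplified model of the cookie lifecycle; constructed, not Hadoop's classes.
public class AuthCookieDemo {
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
    static final long VALIDITY_MS = 36_000_000L; // hypothetical token lifetime
    static String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }
    // Issued only after a handler has authenticated the user.
    static String issue(String user, long now) throws Exception {
        String payload = "u=" + user + "&e=" + (now + VALIDITY_MS);
        return payload + "&s=" + sign(payload);
    }

    // Returns the user for a correctly signed, unexpired cookie; null otherwise.
    static String userFromCookie(String cookie, long now) throws Exception {
        int s = (cookie == null) ? -1 : cookie.lastIndexOf("&s=");
        if (s < 0) return null;
        String payload = cookie.substring(0, s);
        byte[] got = cookie.substring(s + 3).getBytes(StandardCharsets.UTF_8);
        byte[] want = sign(payload).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(want, got)) return null; // forged or corrupted
        int e = payload.lastIndexOf("&e=");
        long expires = Long.parseLong(payload.substring(e + 3));
        return now < expires ? payload.substring(2, e) : null; // expired: no user
    }
    // A valid cookie skips authentication. Anything else needs credentials again
    // (user.name for pseudo); an expired cookie is never the credential itself.
    static String handle(String cookie, String userName, long now) throws Exception {
        String user = userFromCookie(cookie, now);
        if (user != null) return "200 " + user + " (from cookie)";
        if (userName == null) return "401 credentials required";
        return "200 " + userName + " (authenticated), new cookie " + issue(userName, now);
    }

    public static void main(String[] args) throws Exception {
        String c = issue("alice", 0L); // constructed sample
        System.out.println(handle(c, null, 1_000L));             // within lifetime
        System.out.println(handle(c, null, VALIDITY_MS + 1));    // expired, no credentials
        System.out.println(handle(c, "alice", VALIDITY_MS + 1)); // expired, user.name given
    }
}
```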
