[ https://issues.apache.org/jira/browse/HADOOP-10799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14059272#comment-14059272 ]
Varun Vasudev commented on HADOOP-10799:
----------------------------------------
[~tucu00] I'm not sure if this is the right ticket but it would be preferable
to pass tokens as headers instead of URL parameters. URLs can get logged and
passed on as part of the referrer header which exposes the delegation token. In
addition, users can pass around links with delegation tokens by mistake.
YARN-2247 (waiting to be reviewed) also implements auth using delegation tokens
for the RM web services but passes the tokens as a header. My plan was to file
a ticket to shift the TimelineServer auth to the header model once YARN-2247
got committed. I'd be happy to hear your thoughts.
> Refactor HTTP delegation token logic from httpfs into reusable code in
> hadoop-common.
> -------------------------------------------------------------------------------------
>
> Key: HADOOP-10799
> URL: https://issues.apache.org/jira/browse/HADOOP-10799
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HADOOP-10799.patch, HADOOP-10799.patch,
> HADOOP-10799.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
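
The exposure raised in the comment above can be checked for in existing web server logs. The following is an added example, not part of the original message or of Hadoop's code: it scans access-log lines for delegation tokens carried in the request URL or in the Referer field and prints them redacted. It assumes combined-format access logs and a query parameter named `delegation` (the name WebHDFS and HttpFS use); the log lines, host name and token values are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the token travels in a query parameter named "delegation";
# add other parameter names here for other services.
TOKEN_PARAMS = {"delegation"}

# Combined log format: "METHOD target PROTO" status size "referer" ...
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def redact_url(url):
    """Return (redacted_url, found) with token parameter values masked."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() in TOKEN_PARAMS for k, _ in pairs):
        return url, False
    masked = [(k, "REDACTED" if k.lower() in TOKEN_PARAMS else v)
              for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked))), True

def scan(lines):
    """Yield (line_number, field, redacted_value) for each exposed token."""
    for n, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        # A token can leak directly in the request URL, or indirectly when
        # a browser forwards the tokenised URL as the Referer of a later request.
        for field in ("target", "referer"):
            redacted, found = redact_url(m.group(field))
            if found:
                yield n, field, redacted

# Constructed sample log lines; the third request sends its token in a
# header, so nothing sensitive reaches the access log.
SAMPLE = [
    '10.0.0.5 - - [11/Jul/2014:10:00:00 +0000] "GET /webhdfs/v1/tmp?op=LISTSTATUS&delegation=AAAAtoken1 HTTP/1.1" 200 512 "-" "curl/7.30"',
    '10.0.0.6 - - [11/Jul/2014:10:00:05 +0000] "GET /static/app.css HTTP/1.1" 200 90 "http://nn.example.com/webhdfs/v1/tmp?op=OPEN&delegation=AAAAtoken2" "Mozilla/5.0"',
    '10.0.0.7 - - [11/Jul/2014:10:00:09 +0000] "GET /ws/v1/cluster/apps HTTP/1.1" 200 2048 "-" "curl/7.30"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit means the token was written to disk in clear text and should be treated as disclosed until it expires or is cancelled.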