[
https://issues.apache.org/jira/browse/HADOOP-10880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alejandro Abdelnur updated HADOOP-10880:
----------------------------------------
Attachment: HADOOP-10880.patch
Patch moving delegation tokens to a request header.
On the client side, {{DelegationTokenAuthenticatedURL}} still supports using
the querystring via a {{setUseHeaderForDelegationToken(boolean)}} method.
On the server side, {{DelegationTokenAuthenticationHandler}} supports
delegation tokens in the query string and in a request header; the request
header has precedence.
This patch applies on top of HADOOP-10771 & HADOOP-10835.
> Move HTTP delegation tokens out of URL querystring to a header
> --------------------------------------------------------------
>
> Key: HADOOP-10880
> URL: https://issues.apache.org/jira/browse/HADOOP-10880
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Blocker
> Attachments: HADOOP-10880.patch
>
>
> Following up on a discussion in HADOOP-10799.
> Because URLs are often logged, delegation tokens may end up in LOG files
> while they are still valid.
> We should move the tokens to a header.
> We should still support tokens in the querystring for backwards compatibility.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
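
The server-side precedence rule and the log exposure described in the message above, sketched as an added example (not code from the attached patch or from Hadoop). The parameter name `delegation` and header name `X-Hadoop-Delegation-Token` are assumptions, since the message does not state them, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed names (not stated in the message above): the delegation-token
# query parameter and the request header that replaces it.
TOKEN_PARAM = "delegation"
TOKEN_HEADER = "X-Hadoop-Delegation-Token"


def resolve_token(url, headers):
    """Return (token, source); the request header has precedence over the query string."""
    for name, value in headers.items():
        if name.lower() == TOKEN_HEADER.lower() and value:
            return value, "header"
    # Backwards-compatible fallback: token carried in the URL.
    values = parse_qs(urlsplit(url).query).get(TOKEN_PARAM)
    if values:
        return values[0], "querystring"
    return None, None


_TOKEN_IN_URL = re.compile(r"([?&]" + re.escape(TOKEN_PARAM) + r"=)[^&\s\"]+")


def redact(line):
    """Mask delegation tokens in a logged URL; return (clean_line, number_masked)."""
    return _TOKEN_IN_URL.subn(r"\1<redacted>", line)


def audit(log_lines):
    """Return the 1-based numbers of log lines that exposed a token in the URL."""
    return [n for n, line in enumerate(log_lines, 1) if redact(line)[1]]


# Constructed access-log lines; paths and token values are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /webhdfs/v1/tmp?op=LISTSTATUS&delegation=AAAAconstructedTOKEN HTTP/1.1" 200',
    '10.0.0.5 - - "GET /webhdfs/v1/tmp?op=LISTSTATUS HTTP/1.1" 200',
    '10.0.0.7 - - "GET /kms/v1/keys?delegation=BBBBconstructedTOKEN&op=x HTTP/1.1" 200',
]

if __name__ == "__main__":
    for n in audit(SAMPLE_LOG):
        print(n, redact(SAMPLE_LOG[n - 1])[0])
```

Lines flagged by `audit` identify clients still sending the token in the URL; any token found this way should be treated as exposed for as long as it remains valid.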