[jira] [Commented] (HADOOP-10911) hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109

Thu, 31 Jul 2014 16:39:55 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14081682#comment-14081682
 ] 

Gregory Chanan commented on HADOOP-10911:
-----------------------------------------

Sent an e-mail to the httpclient list.  FWIW, I think we should just remove the 
quotes, as in my original patch.  It's a valid cookie, at least according to 
the netscape draft spec, and it works with current versions of httpclient.  
That's good because it won't break existing clients and httpclient is popular 
enough to warrant consideration.  If they consider the above a bug and fix it 
in a later version, we can upgrade the required httpclient version and have a 
proper RFC2109 cookie format.

> hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10911
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10911
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Gregory Chanan
>         Attachments: HADOOP-10911-tests.patch, HADOOP-10911.patch
>
>
> I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is 
> unable to authenticate with servers running the authentication filter), even 
> with HADOOP-10710 applied.
> From my reading of the spec, the problem is as follows:
> Expires is not a valid directive according to the RFC, though it is mentioned 
> for backwards compatibility with netscape draft spec.  When httpclient sees 
> "Expires", it parses according to the netscape draft spec, but note from 
> RFC2109:
> {code}
> Note that the Expires date format contains embedded spaces, and that "old" 
> cookies did not have quotes around values. 
> {code}
> and note that AuthenticationFilter puts quotes around the value:
> https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439
> So httpclient's parsing appears to be kosher.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to