[
https://issues.apache.org/jira/browse/HADOOP-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14103124#comment-14103124
]
Haohui Mai commented on HADOOP-10911:
-------------------------------------
Once hadoop itself moves over to Java 7 at 2.7, is it possible to use
{{java.net.HttpCookie}} directly and delegate this issue to JDK?
> hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109
> ---------------------------------------------------------------------------
>
> Key: HADOOP-10911
> URL: https://issues.apache.org/jira/browse/HADOOP-10911
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.5.0
> Reporter: Gregory Chanan
> Attachments: HADOOP-10911-tests.patch, HADOOP-10911.patch,
> HADOOP-10911v2.patch
>
>
> I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is
> unable to authenticate with servers running the authentication filter), even
> with HADOOP-10710 applied.
> From my reading of the spec, the problem is as follows:
> Expires is not a valid directive according to the RFC, though it is mentioned
> for backwards compatibility with netscape draft spec. When httpclient sees
> "Expires", it parses according to the netscape draft spec, but note from
> RFC2109:
> {code}
> Note that the Expires date format contains embedded spaces, and that "old"
> cookies did not have quotes around values.
> {code}
> and note that AuthenticationFilter puts quotes around the value:
> https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439
> So httpclient's parsing appears to be kosher.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
