[jira] [Commented] (HADOOP-11181) o.a.h.security.token.delegation.DelegationTokenManager should be more generalized to handle other DelegationTokenIdentifier

Mon, 13 Oct 2014 21:22:57 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14170495#comment-14170495
 ] 

Jing Zhao commented on HADOOP-11181:
------------------------------------

Hi Zhijie, you may also want to fix the javac warning: 
{code}
[WARNING] 
/home/jenkins/jenkins-slave/workspace/PreCommit-HADOOP-Build/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java:[313,54]
 [unchecked] unchecked conversion
{code}

> o.a.h.security.token.delegation.DelegationTokenManager should be more 
> generalized to handle other DelegationTokenIdentifier
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11181
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11181
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: HADOOP-11181.1.patch, HADOOP-11181.2.patch, 
> HADOOP-11181.3.patch, HADOOP-11181.4.patch
>
>
> While DelegationTokenManager can set external secretManager, it have the 
> assumption that the token is going to be 
> o.a.h.security.token.delegation.DelegationTokenIdentifier, and use 
> DelegationTokenIdentifier method to decode a token. 
> {code}
>   @SuppressWarnings("unchecked")
>   public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier>
>       token) throws IOException {
>     ByteArrayInputStream buf = new 
> ByteArrayInputStream(token.getIdentifier());
>     DataInputStream dis = new DataInputStream(buf);
>     DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind);
>     id.readFields(dis);
>     dis.close();
>     secretManager.verifyToken(id, token.getPassword());
>     return id.getUser();
>   }
> {code}
> It's not going to work it the token kind is other than 
> web.DelegationTokenIdentifier. For example, RM want to reuse it but hook it 
> to RMDelegationTokenSecretManager and RMDelegationTokenIdentifier, which has 
> the customized way to decode a token.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to