[
https://issues.apache.org/jira/browse/HADOOP-12050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14625293#comment-14625293
]
Benoy Antony commented on HADOOP-12050:
---------------------------------------
I have the following review comments on this patch
1. The token is updated after signing the token. This is not correct.
{code}
if (!newToken && !token.isExpired() &&
token != AuthenticationToken.ANONYMOUS &&
!isCookiePersistent() &&
getMaxInactiveInterval() > 0) {
String signedToken = signer.sign(token.toString());
token.setMaxInactives(System.currentTimeMillis()
+ getMaxInactiveInterval() * 1000);
createAuthCookie(httpResponse, signedToken, getCookieDomain(),
getCookiePath(), token.getExpires(),
isCookiePersistent(), isHttps);
}
{code}
2. There is some code duplication between the above code block and the block
before it . Please refactor so that code duplication is minimized.
> Enable MaxInactiveInterval for hadoop http auth token
> -----------------------------------------------------
>
> Key: HADOOP-12050
> URL: https://issues.apache.org/jira/browse/HADOOP-12050
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Benoy Antony
> Assignee: hzlu
> Fix For: 3.0.0
>
> Attachments: HADOOP-12050.003.patch
>
>
> During http authentication, a cookie which contains the authentication token
> is dropped. The expiry time of the authentication token can be configured via
> hadoop.http.authentication.token.validity. The default value is 10 hours.
> For clusters which require enhanced security, it is desirable to have a
> configurable MaxInActiveInterval for the authentication token. If there is no
> activity during MaxInActiveInterval, the authentication token will be
> invalidated.
> The MaxInActiveInterval will be less than
> hadoop.http.authentication.token.validity. The default value will be 30
> minutes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
