[
https://issues.apache.org/jira/browse/HDFS-16563?focusedWorklogId=775892&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-775892
]
ASF GitHub Bot logged work on HDFS-16563:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 30/May/22 12:57
Start Date: 30/May/22 12:57
Worklog Time Spent: 10m
Work Description: steveloughran commented on code in PR #4241:
URL: https://github.com/apache/hadoop/pull/4241#discussion_r884803308
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java:
##########
@@ -449,15 +449,19 @@ protected DelegationTokenInformation
checkToken(TokenIdent identifier)
throws InvalidToken {
assert Thread.holdsLock(this);
DelegationTokenInformation info = getTokenInfo(identifier);
+ String err;
if (info == null) {
- throw new InvalidToken("token " + formatTokenId(identifier)
- + " can't be found in cache");
+ err = "Token for real user: " + identifier.getRealUser() + ", can't be
found in cache";
+ LOG.warn(err + ", Token=" + formatTokenId(identifier));
+ throw new InvalidToken(err);
}
long now = Time.now();
if (info.getRenewDate() < now) {
- throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
- "expired, current time: " + Time.formatTime(now) +
- " expected renewal time: " + Time.formatTime(info.getRenewDate()));
+ err =
+ "Token has" + identifier.getRealUser() + "expired, current time: " +
Time.formatTime(now)
+ + " expected renewal time: " +
Time.formatTime(info.getRenewDate());
+ LOG.info(err + ", Token=" + formatTokenId(identifier));
Review Comment:
can you use
```
LOG.info("{}, Token={}", err, formatTokenId(identifier));
```
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java:
##########
@@ -449,15 +449,19 @@ protected DelegationTokenInformation
checkToken(TokenIdent identifier)
throws InvalidToken {
assert Thread.holdsLock(this);
DelegationTokenInformation info = getTokenInfo(identifier);
+ String err;
if (info == null) {
- throw new InvalidToken("token " + formatTokenId(identifier)
- + " can't be found in cache");
+ err = "Token for real user: " + identifier.getRealUser() + ", can't be
found in cache";
+ LOG.warn(err + ", Token=" + formatTokenId(identifier));
Review Comment:
can you use
```
LOG.warn("{}, Token={}", err, formatTokenId(identifier));
```
Issue Time Tracking
-------------------
Worklog Id: (was: 775892)
Time Spent: 2.5h (was: 2h 20m)
> Namenode WebUI prints sensitve information on Token Expiry
> ----------------------------------------------------------
>
> Key: HDFS-16563
> URL: https://issues.apache.org/jira/browse/HDFS-16563
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namanode, security, webhdfs
> Reporter: Renukaprasad C
> Assignee: Renukaprasad C
> Priority: Major
> Labels: pull-request-available
> Attachments: image-2022-04-27-23-01-16-033.png,
> image-2022-04-27-23-28-40-568.png
>
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> Login to Namenode WebUI.
> Wait for token to expire. (Or modify the Token refresh time
> dfs.namenode.delegation.token.renew/update-interval to lower value)
> Refresh the WebUI after the Token expiry.
> Full token information gets printed in WebUI.
>
> !image-2022-04-27-23-01-16-033.png!
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
