[jira] [Commented] (IMPALA-8584) Add support for cookie-based authentication

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/IMPALA-8584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16947270#comment-16947270
 ] 

ASF subversion and git services commented on IMPALA-8584:
---------------------------------------------------------

Commit d1b42c836c3458a2ef3662c0b0b1fd8fbf8f2baf in impala's branch 
refs/heads/master from Thomas Tauber-Marshall
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=d1b42c8 ]

IMPALA-8899, IMPALA-8898: Add cookie support to the webui

This patches takes the machinery for generating and checking cookies
for authentication that was added in IMPALA-8584 and applies to the
webui.

It also fixes an issue where some clients, for example Knox, may
return the cookie value surrounded by "".

It adds metrics for both SPNEGO auth success/failure and cookie auth
success/failure to the webserver.

This patch also fixes IMPALA-8898 by returning an empty cookie with a
Max-Age of 0 on requests where an invalid cookie was provided to
indicate to the client that the cookie should be deleted.

Testing:
- Added a test that uses curl to access the webserver with SPNEGO
  enabled while storing and using cookies. This test only runs when
  curl is present and has the necessary options enabled, which is
  generally not the case in our automated testing runs.

Change-Id: I30788e0539627ee6154ad8183b124947c5da8ef4
Reviewed-on: http://gerrit.cloudera.org:8080/14339
Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Reviewed-by: Thomas Tauber-Marshall <tmarsh...@cloudera.com>


> Add support for cookie-based authentication
> -------------------------------------------
>
>                 Key: IMPALA-8584
>                 URL: https://issues.apache.org/jira/browse/IMPALA-8584
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Backend
>    Affects Versions: Impala 3.3.0
>            Reporter: Thomas Tauber-Marshall
>            Assignee: Thomas Tauber-Marshall
>            Priority: Critical
>             Fix For: Impala 3.4.0
>
>
> When IMPALA-8538 goes in, we'll have support for LDAP authentication over 
> http. The initial design will pass the credentials to LDAP for authentication 
> on every rpc. This has the potential to create a significant load on the LDAP 
> server. We can avoid hitting LDAP on every request by adding support for 
> cookie auth.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org