duongkame commented on code in PR #4417:
URL: https://github.com/apache/ozone/pull/4417#discussion_r1149853126
##########
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/token/OzoneBlockTokenIdentifier.java:
##########
@@ -51,6 +53,20 @@ public class OzoneBlockTokenIdentifier extends
ShortLivedTokenIdentifier {
private EnumSet<AccessModeProto> modes;
private long maxLength;
+ public OzoneBlockTokenIdentifier(
Review Comment:
Got the concern. I think the internal logic of OzoneBlockTokenId always
favor a string presentation. The BlockId if passed is converted to a "service
id".
```
public static String getTokenService(BlockID blockID) {
return String.valueOf(blockID.getContainerBlockID());
}
```
and this "service id" is used to verify the token .
```
// check token service (blockID or containerID)
String service = String.valueOf(getService(cmd));
if (!Objects.equals(service, tokenId.getService())) {
throw new BlockTokenException("ID mismatch. Token for ID: " +
tokenId.getService() + " can't be used to access: " + service +
" by user: " + tokenUser);
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
