[
https://issues.apache.org/jira/browse/MAPREDUCE-3849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13208331#comment-13208331
]
Hadoop QA commented on MAPREDUCE-3849:
--------------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12514555/MAPREDUCE-3849-2.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1855//testReport/
Console output:
https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1855//console
This message is automatically generated.
> Change TokenCache's reading of the binary token file
> ----------------------------------------------------
>
> Key: MAPREDUCE-3849
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3849
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.1, 0.24.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: MAPREDUCE-3849-2.patch, MAPREDUCE-3849.patch
>
>
> When obtaining the tokens for a {{FileSystem}}, the {{TokenCache}} will read
> the binary token file if a token is not already in the {{Credentials}}.
> However, it will overwrite any existing tokens in the {{Credentials}} with
> the contents of the binary token file if a single token is missing. This may
> cause new tokens to be replaced with invalid/cancelled tokens from the binary
> file. The new tokens will not be canceled, and thus "leak" in the namenode
> until they expire.
> The binary tokens should be merged with, but not replace, existing tokens in
> the {{Credentials}}.
> The code that reads the binary token file is prefaced with:
> {code}
> //TODO: Need to come up with a better place to put
> //this block of code to do with reading the file
> {code}
> Also, the loading of the binary token file is the only reason that the
> {{TokenCache}} has to use {{getCanonicalService}}. If this linkage can be
> broken, then the 1-to-1 filesystem to token service coupling may be removed.
> And use of {{getCanonicalService}} can be removed in a subsequent jira.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
