[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175958#comment-14175958 ] Hudson commented on HADOOP-11207: - SUCCESS: Integrated in Hadoop-Yarn-trunk #716 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/716/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14176003#comment-14176003 ] Hudson commented on HADOOP-11207: - FAILURE: Integrated in Hadoop-Hdfs-trunk #1905 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1905/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14176034#comment-14176034 ] Hudson commented on HADOOP-11207: - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1930 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1930/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/CHANGES.txt DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175491#comment-14175491 ] Vinod Kumar Vavilapalli commented on HADOOP-11207: -- Looking at the patch for review. Can you link the original JIRA for DTAuthHandler? DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175493#comment-14175493 ] Zhijie Shen commented on HADOOP-11207: -- Link HADOOP-10771, which brings DT auth stuff to common DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175566#comment-14175566 ] Vinod Kumar Vavilapalli commented on HADOOP-11207: -- Read up on the background - I was originally confused why HADOOP-10835 was not sufficient, I get it now. Overall, there is proxy-user support for generic non-token calls, but there is no proxy-user for getting/renew/cancel tokens themselves. I was surprised why HDFS didn't need it. It turns out HDFS doesn't depend on the common filter code, and instead duplicates the doAs code in JspHeper etc - that's why. Filed HDFS-7262 for this. The patch looks good to me. Can you take care of the findbugs warnings? DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175583#comment-14175583 ] Zhijie Shen commented on HADOOP-11207: -- bq. Can you take care of the findbugs warnings? One findbug will be fixed by HADOOP-11122. The other one is not related, and seems to be reported in several Jira's jenkins. Filed a ticket for it: HADOOP-11210 DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175661#comment-14175661 ] Vinod Kumar Vavilapalli commented on HADOOP-11207: -- okie, makes sense. Checking this in. DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175677#comment-14175677 ] Hudson commented on HADOOP-11207: - FAILURE: Integrated in Hadoop-trunk-Commit #6284 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/6284/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14174237#comment-14174237 ] Hadoop QA commented on HADOOP-11207: {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12675331/HADOOP-11207.2.patch against trunk revision 2894433. {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:red}-1 findbugs{color}. The patch appears to introduce 2 new Findbugs (version 2.0.3) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-common-project/hadoop-common: org.apache.hadoop.metrics2.impl.TestMetricsSystemImpl {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/4931//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/4931//artifact/patchprocess/newPatchFindbugsWarningshadoop-common.html Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/4931//console This message is automatically generated. DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14173120#comment-14173120 ] Hadoop QA commented on HADOOP-11207: {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12675130/HADOOP-11207.1.patch against trunk revision f19771a. {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:red}-1 findbugs{color}. The patch appears to introduce 2 new Findbugs (version 2.0.3) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The following test timeouts occurred in hadoop-common-project/hadoop-common: org.apache.hadoop.http.TestHttpServerLifecycle {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/4929//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/4929//artifact/patchprocess/newPatchFindbugsWarningshadoop-common.html Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/4929//console This message is automatically generated. DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14173137#comment-14173137 ] Zhijie Shen commented on HADOOP-11207: -- The 2 findbugs warnings happened before in HADOOP-11181 too, which are not related. TestHttpServerLifecycle is also an irrelevant test, and it passed locally DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)