[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175958#comment-14175958 ] Hudson commented on HADOOP-11207: - SUCCESS: Integrated in Hadoop-Yarn-trunk #716 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/716/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14176003#comment-14176003 ] Hudson commented on HADOOP-11207: - FAILURE: Integrated in Hadoop-Hdfs-trunk #1905 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1905/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14176034#comment-14176034 ] Hudson commented on HADOOP-11207: - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1930 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1930/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/CHANGES.txt DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175491#comment-14175491 ] Vinod Kumar Vavilapalli commented on HADOOP-11207: -- Looking at the patch for review. Can you link the original JIRA for DTAuthHandler? DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175493#comment-14175493 ] Zhijie Shen commented on HADOOP-11207: -- Link HADOOP-10771, which brings DT auth stuff to common DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175566#comment-14175566 ] Vinod Kumar Vavilapalli commented on HADOOP-11207: -- Read up on the background - I was originally confused why HADOOP-10835 was not sufficient, I get it now. Overall, there is proxy-user support for generic non-token calls, but there is no proxy-user for getting/renew/cancel tokens themselves. I was surprised why HDFS didn't need it. It turns out HDFS doesn't depend on the common filter code, and instead duplicates the doAs code in JspHeper etc - that's why. Filed HDFS-7262 for this. The patch looks good to me. Can you take care of the findbugs warnings? DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175583#comment-14175583 ] Zhijie Shen commented on HADOOP-11207: -- bq. Can you take care of the findbugs warnings? One findbug will be fixed by HADOOP-11122. The other one is not related, and seems to be reported in several Jira's jenkins. Filed a ticket for it: HADOOP-11210 DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175661#comment-14175661 ] Vinod Kumar Vavilapalli commented on HADOOP-11207: -- okie, makes sense. Checking this in. DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14175677#comment-14175677 ] Hudson commented on HADOOP-11207: - FAILURE: Integrated in Hadoop-trunk-Commit #6284 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/6284/]) HADOOP-11207. Enhanced common DelegationTokenAuthenticationHandler to support proxy-users on Delegation-token management operations. Contributed by Zhijie Shen. (vinodkv: rev 11375578162d77b78cc3f7a82f2495b1e31a3656) * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Fix For: 2.6.0 Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[
https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14174237#comment-14174237
]
Hadoop QA commented on HADOOP-11207:
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12675331/HADOOP-11207.2.patch
against trunk revision 2894433.
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:red}-1 findbugs{color}. The patch appears to introduce 2 new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-common-project/hadoop-common:
org.apache.hadoop.metrics2.impl.TestMetricsSystemImpl
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/4931//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HADOOP-Build/4931//artifact/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/4931//console
This message is automatically generated.
DelegationTokenAuthenticationHandler needs to support DT operations for proxy
user
--
Key: HADOOP-11207
URL: https://issues.apache.org/jira/browse/HADOOP-11207
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Zhijie Shen
Assignee: Zhijie Shen
Attachments: HADOOP-11207.1.patch, HADOOP-11207.2.patch
Currently, DelegationTokenAuthenticationHandler only support DT operations
for the request user after it passes the authentication. However, it should
also support the request user to do DT operations on behalf of the proxy user.
Timeline server is using the authentication filter for DT operations instead
of traditional RPC-based ones. It needs this feature to enable the proxy user
to use the timeline service (YARN-2676).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[
https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14173120#comment-14173120
]
Hadoop QA commented on HADOOP-11207:
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12675130/HADOOP-11207.1.patch
against trunk revision f19771a.
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:red}-1 findbugs{color}. The patch appears to introduce 2 new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The following test timeouts occurred in
hadoop-common-project/hadoop-common:
org.apache.hadoop.http.TestHttpServerLifecycle
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/4929//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HADOOP-Build/4929//artifact/patchprocess/newPatchFindbugsWarningshadoop-common.html
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/4929//console
This message is automatically generated.
DelegationTokenAuthenticationHandler needs to support DT operations for proxy
user
--
Key: HADOOP-11207
URL: https://issues.apache.org/jira/browse/HADOOP-11207
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Zhijie Shen
Assignee: Zhijie Shen
Attachments: HADOOP-11207.1.patch
Currently, DelegationTokenAuthenticationHandler only support DT operations
for the request user after it passes the authentication. However, it should
also support the request user to do DT operations on behalf of the proxy user.
Timeline server is using the authentication filter for DT operations instead
of traditional RPC-based ones. It needs this feature to enable the proxy user
to use the timeline service (YARN-2676).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HADOOP-11207) DelegationTokenAuthenticationHandler needs to support DT operations for proxy user
[ https://issues.apache.org/jira/browse/HADOOP-11207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14173137#comment-14173137 ] Zhijie Shen commented on HADOOP-11207: -- The 2 findbugs warnings happened before in HADOOP-11181 too, which are not related. TestHttpServerLifecycle is also an irrelevant test, and it passed locally DelegationTokenAuthenticationHandler needs to support DT operations for proxy user -- Key: HADOOP-11207 URL: https://issues.apache.org/jira/browse/HADOOP-11207 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Zhijie Shen Assignee: Zhijie Shen Attachments: HADOOP-11207.1.patch Currently, DelegationTokenAuthenticationHandler only support DT operations for the request user after it passes the authentication. However, it should also support the request user to do DT operations on behalf of the proxy user. Timeline server is using the authentication filter for DT operations instead of traditional RPC-based ones. It needs this feature to enable the proxy user to use the timeline service (YARN-2676). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
