Xiao Chen created HADOOP-13127: ---------------------------------- Summary: Correctly cache delegation tokens in KMSClientProvider Key: HADOOP-13127 URL: https://issues.apache.org/jira/browse/HADOOP-13127 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.6.1 Reporter: Xiao Chen Assignee: Xiao Chen
In the initial implementation of HADOOP-10770, the authToken is updated with delegation tokens during {{KMSClientProvider#addDelegationTokens }} in the following line: {code} Token<?> token = authUrl.getDelegationToken(url, authToken, renewer); {code} HADOOP-11482 is a good fix to handle UGI issue, but has a side effect in the following code: {code} public Token<?> run() throws Exception { // Not using the cached token here.. Creating a new token here // everytime. return authUrl.getDelegationToken(url, new DelegationTokenAuthenticatedURL.Token(), renewer, doAsUser); } {code} IIUC, we should do {{setDelegationToken}} on the authToken here to cache it. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org