[ 
https://issues.apache.org/jira/browse/YARN-2656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14171756#comment-14171756
 ] 

Xuan Gong commented on YARN-2656:
---------------------------------

overall Looks good. One comment:
{code}
+  public void doFilter(ServletRequest request, ServletResponse response,
+      FilterChain filterChain) throws IOException, ServletException {
+    HttpServletRequest req = (HttpServletRequest) request;
+    // For backward compatibility, allow use of the old header field
+    final String oldHeader = req.getHeader(OLD_HEADER);
+    if (oldHeader != null && !oldHeader.isEmpty()) {
+      String newHeader =
+          req.getHeader(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER);
+      if (newHeader == null || newHeader.isEmpty()) {
+        HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(req) 
{
+          @Override
+          public String getHeader(String name) {
+            if (name
+              .equals(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER)) {
+              return oldHeader;
+            }
+            return super.getHeader(name);
+          }
+        };
+        super.doFilter(wrapper, response, filterChain);
       }
+    } else {
+      super.doFilter(request, response, filterChain);
     }
{code}

Here, we handled case:
1)when oldHeader is null/empty
2)When oldHeader is not null/empty and newHeader is null/empty.
Do we need to handle the case when oldHeader is not null/empty and newHeader is 
not null/empty here as well ?
So, maybe we could check newHeader first. As I understand, if newHeader is not 
null/empty, it will be used no matter whether oldHeader is set or not. 

> RM web services authentication filter should add support for proxy user
> -----------------------------------------------------------------------
>
>                 Key: YARN-2656
>                 URL: https://issues.apache.org/jira/browse/YARN-2656
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>         Attachments: YARN-2656.3.patch, YARN-2656.4.patch, 
> apache-yarn-2656.0.patch, apache-yarn-2656.1.patch, apache-yarn-2656.2.patch
>
>
> The DelegationTokenAuthenticationFilter adds support for doAs functionality. 
> The RMAuthenticationFilter should expose this as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to