hadoop-common-issues mailing list archives

From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12929) JWTRedirectAuthenticationHandler must accommodate null expiration time
Date Fri, 18 Mar 2016 21:54:33 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15202234#comment-15202234 ]

Benoy Antony commented on HADOOP-12929:

The patch looks good, Larry.

Comments below:

# The check "expires != null" is redundant. If "expires" is null, the first condition will
be true and the second condition will not be evaluated. If the second condition is evaluated,
then we can be sure that "expires" is not null, which makes it redundant.

# In line #199, the variable username is unused. This is not related to the patch, but good
to clean up.

# Similarly in TestJWTRedirectAuthentictionHandler.java, the variable at line #475 is unused.

# In TestJWTRedirectAuthentictionHandler, there are many unused inputs.

> JWTRedirectAuthenticationHandler must accommodate null expiration time
> ----------------------------------------------------------------------
>                 Key: HADOOP-12929
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12929
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>         Attachments: HADOOP-12929-001.patch, HADOOP-12929-002.patch
> The underlying JWT token within the hadoop-jwt cookie should be able to have no expiration
> time. This allows the token lifecycle to be the same as the cookie that contains it.
> Current validation processing of the token interprets the absence of an expiration time
> as requiring a new token to be acquired. JWT itself considers the exp to be an optional claim.
> As such, this patch will change the processing to accept a null expiration as valid for as
> long as the cookie is presented.

This message was sent by Atlassian JIRA
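
The expiration semantics discussed in this thread, as an added example that is not taken from the HADOOP-12929 patch or the Hadoop source. The class name, the method names and the exact shape of each condition are assumptions reconstructed from the issue description and the review comment; the clock value and test cases are constructed.

```java
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;

public class ExpirationCheckDemo {

    // Behaviour the issue describes as current: a missing exp claim fails
    // validation, so the caller is redirected to acquire a new token.
    static boolean validateBefore(Date expires, Date now) {
        return expires != null && now.before(expires);
    }

    // Assumed shape of the condition the review comment refers to: the inner
    // null check can never be false when it is reached.
    static boolean validateWithRedundantCheck(Date expires, Date now) {
        return expires == null || (expires != null && now.before(expires));
    }

    // Simplified form: short-circuit || only evaluates the right-hand side
    // when expires is non-null, so now.before(expires) cannot throw.
    static boolean validateSimplified(Date expires, Date now) {
        return expires == null || now.before(expires);
    }

    public static void main(String[] args) {
        Date now = new Date(1_000_000_000_000L); // constructed clock value
        Map<String, Date> cases = new LinkedHashMap<>();
        cases.put("no exp claim", null);
        cases.put("exp in 1 hour", new Date(now.getTime() + 3_600_000L));
        cases.put("exp 1 hour ago", new Date(now.getTime() - 3_600_000L));
        cases.put("exp equals now", new Date(now.getTime()));

        for (Map.Entry<String, Date> c : cases.entrySet()) {
            Date exp = c.getValue();
            boolean before = validateBefore(exp, now);
            boolean redundant = validateWithRedundantCheck(exp, now);
            boolean simplified = validateSimplified(exp, now);
            // The two "after" forms must agree on every input.
            if (redundant != simplified) {
                throw new AssertionError("forms disagree for: " + c.getKey());
            }
            System.out.printf("%-15s before=%-5b after=%b%n",
                    c.getKey(), before, simplified);
        }
    }
}
```

Only the null case changes between the old and new behaviour: a token whose exp equals the current time is still rejected, while a token with no exp is bounded solely by the lifetime of the cookie that carries it.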
