You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Xiao Chen (JIRA)" <ji...@apache.org> on 2017/06/06 22:19:18 UTC

[jira] [Resolved] (HADOOP-13474) Add more details in the log when a token is expired

     [ https://issues.apache.org/jira/browse/HADOOP-13474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiao Chen resolved HADOOP-13474.
--------------------------------
    Resolution: Won't Fix

With more understanding around this area, I think this jira is not necessary.
This is because AuthenticationFilter is usually passing the authentication further down to the authentication handler, and that's where we should log more.
Will cover that in HADOOP-13174, so closing this one.

> Add more details in the log when a token is expired
> ---------------------------------------------------
>
>                 Key: HADOOP-13474
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13474
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13474.01.patch
>
>
> Currently when there's an expired token, we see this from the log:
> {noformat}
> 2016-08-06 07:13:20,807 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> 2016-08-06 09:55:48,665 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> 2016-08-06 10:01:41,452 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> {noformat}
> We should log a better [message|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L456], to include more details (e.g. token type, username, tokenid) for trouble-shooting purpose.
> I don't think the additional information exposed will lead to any security concern, since the token is expired anyways.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org