You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2013/04/03 23:45:15 UTC
[jira] [Created] (KNOX-49) Prevent Shiro rememberMe cookie from
being returned
Kevin Minder created KNOX-49:
--------------------------------
Summary: Prevent Shiro rememberMe cookie from being returned
Key: KNOX-49
URL: https://issues.apache.org/jira/browse/KNOX-49
Project: Apache Knox
Issue Type: Improvement
Components: Server
Reporter: Kevin Minder
>From BUG-4327
We are using Apache Shiro (http://shiro.apache.org/) as our authentication plug point. The integration is in the gateway-provider-security-shiro module. This is working well for our LDAP authentication. However there is a built in feature of Shiro called 'Remember Me' that is causing an extra cookie (TODO) to be sent back to the clients. We are also returning a Hadoop specific cookie. We would like to ensure that only the Hadoop specific cookie is returned to the client and not the Shiro RememberMe cookie. I also noticed that we are returning a JSESSIONID cookie that we probably don't want either.
Below is debug output from the test
gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.testBasicHdfsUseCase
DEBUG org.apache.http.wire << "Set-Cookie: JSESSIONID=ys17oigu62yv1s6uj34djxrp5;Path=/gateway/cluster\r\n"
DEBUG org.apache.http.wire << "Set-Cookie: rememberMe=deleteMe; Path=/gateway/cluster; Max-Age=0; Expires=Tue, 05-Mar-2013 20:12:23 GMT\r\n"
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira