You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2018/01/12 11:38:10 UTC
Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/
-----------------------------------------------------------
Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
Bugs: ATLAS-2352
https://issues.apache.org/jira/browse/ATLAS-2352
Repository: atlas
Description
-------
This patch includes fix to configure validity for Kerberos DelegationToken.
Property to be added in atlas-application.properties.
*atlas.authentication.method.kerberos.token.validity*=3600
Diffs
-----
docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java e8020dbb
Diff: https://reviews.apache.org/r/65121/diff/1/
Testing
-------
Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
Thanks,
Nixon Rodrigues
Re: Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
Posted by David Radley <da...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/#review195320
-----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
Lines 140 (patched)
<https://reviews.apache.org/r/65121/#comment274500>
This is looking good. I suggest adding more context in the error messages to make them more informative.
- please include the exact config file name
- please include the exact config property name in the message - so it can be searched for in the property file i.e. "atlas.authentication.method.kerberos.token.validity"
- please include the invalid string value in the message
- David Radley
On Jan. 12, 2018, 1:12 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65121/
> -----------------------------------------------------------
>
> (Updated Jan. 12, 2018, 1:12 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
>
>
> Bugs: ATLAS-2352
> https://issues.apache.org/jira/browse/ATLAS-2352
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch includes fix to configure validity for Kerberos DelegationToken.
>
> Property to be added in atlas-application.properties.
>
> *atlas.authentication.method.kerberos.token.validity*=3600
>
>
> Diffs
> -----
>
> docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java 1d553e03
>
>
> Diff: https://reviews.apache.org/r/65121/diff/2/
>
>
> Testing
> -------
>
> Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/#review196307
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Jan. 15, 2018, 2:12 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65121/
> -----------------------------------------------------------
>
> (Updated Jan. 15, 2018, 2:12 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
>
>
> Bugs: ATLAS-2352
> https://issues.apache.org/jira/browse/ATLAS-2352
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch includes fix to configure validity for Kerberos DelegationToken.
>
> Property to be added in atlas-application.properties.
>
> *atlas.authentication.method.kerberos.token.validity*=3600
>
>
> Diffs
> -----
>
> docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java 1d553e03
>
>
> Diff: https://reviews.apache.org/r/65121/diff/3/
>
>
> Testing
> -------
>
> Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/
-----------------------------------------------------------
(Updated Jan. 15, 2018, 2:12 p.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
Changes
-------
This patch includes changes to handle review comment from David R to make the error logs more informative.
Bugs: ATLAS-2352
https://issues.apache.org/jira/browse/ATLAS-2352
Repository: atlas
Description
-------
This patch includes fix to configure validity for Kerberos DelegationToken.
Property to be added in atlas-application.properties.
*atlas.authentication.method.kerberos.token.validity*=3600
Diffs (updated)
-----
docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java 1d553e03
Diff: https://reviews.apache.org/r/65121/diff/3/
Changes: https://reviews.apache.org/r/65121/diff/2-3/
Testing
-------
Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
Thanks,
Nixon Rodrigues
Re: Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/
-----------------------------------------------------------
(Updated Jan. 12, 2018, 1:12 p.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
Changes
-------
This patch includes review comments from David R
Bugs: ATLAS-2352
https://issues.apache.org/jira/browse/ATLAS-2352
Repository: atlas
Description
-------
This patch includes fix to configure validity for Kerberos DelegationToken.
Property to be added in atlas-application.properties.
*atlas.authentication.method.kerberos.token.validity*=3600
Diffs (updated)
-----
docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java 1d553e03
Diff: https://reviews.apache.org/r/65121/diff/2/
Changes: https://reviews.apache.org/r/65121/diff/1-2/
Testing
-------
Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
Thanks,
Nixon Rodrigues
Re: Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
> On Jan. 12, 2018, 12:17 p.m., David Radley wrote:
> >
Thanks David for the review. I have made changes as suggested, please review.
> On Jan. 12, 2018, 12:17 p.m., David Radley wrote:
> > webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
> > Lines 134 (patched)
> > <https://reviews.apache.org/r/65121/diff/1/?file=1939372#file1939372line134>
> >
> > Please could you confirm that thetesting including checking that any time interval set here is effective.
Set the "atlas.authentication.method.kerberos.token.validity" property to "3600" (seconds, i.e. 1 hour) from Ambari "Custom application-properties". And confirmed that delegation token expiration time is set 1 hour later from current timestamp.
> On Jan. 12, 2018, 12:17 p.m., David Radley wrote:
> > webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
> > Lines 135 (patched)
> > <https://reviews.apache.org/r/65121/diff/1/?file=1939372#file1939372line135>
> >
> > Shouldn't we validate that this content is a positive integer (I am not sure what the highest valid value is - we could check that as well) and produce a meaningful error message if it is not valid.
Added check for positive number. will throw a Exception incase for NAN
- Nixon
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/#review195307
-----------------------------------------------------------
On Jan. 12, 2018, 11:38 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65121/
> -----------------------------------------------------------
>
> (Updated Jan. 12, 2018, 11:38 a.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
>
>
> Bugs: ATLAS-2352
> https://issues.apache.org/jira/browse/ATLAS-2352
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch includes fix to configure validity for Kerberos DelegationToken.
>
> Property to be added in atlas-application.properties.
>
> *atlas.authentication.method.kerberos.token.validity*=3600
>
>
> Diffs
> -----
>
> docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java e8020dbb
>
>
> Diff: https://reviews.apache.org/r/65121/diff/1/
>
>
> Testing
> -------
>
> Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
Posted by David Radley <da...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/#review195307
-----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
Lines 134 (patched)
<https://reviews.apache.org/r/65121/#comment274484>
Please could you confirm that thetesting including checking that any time interval set here is effective.
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
Lines 135 (patched)
<https://reviews.apache.org/r/65121/#comment274485>
Shouldn't we validate that this content is a positive integer (I am not sure what the highest valid value is - we could check that as well) and produce a meaningful error message if it is not valid.
- David Radley
On Jan. 12, 2018, 11:38 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65121/
> -----------------------------------------------------------
>
> (Updated Jan. 12, 2018, 11:38 a.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
>
>
> Bugs: ATLAS-2352
> https://issues.apache.org/jira/browse/ATLAS-2352
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch includes fix to configure validity for Kerberos DelegationToken.
>
> Property to be added in atlas-application.properties.
>
> *atlas.authentication.method.kerberos.token.validity*=3600
>
>
> Diffs
> -----
>
> docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java e8020dbb
>
>
> Diff: https://reviews.apache.org/r/65121/diff/1/
>
>
> Testing
> -------
>
> Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 65121: ATLAS-2352: Fix to configure validity for
Kerberos DelegationToken.
Posted by David Radley <da...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65121/#review195305
-----------------------------------------------------------
docs/src/site/twiki/Authentication-Authorization.twiki
Lines 68 (patched)
<https://reviews.apache.org/r/65121/#comment274483>
https://hadoop.apache.org/docs/r1.2.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html says that the default is 3600 seconds not milliseconds. Should ths comment be changed to Seconds?
- David Radley
On Jan. 12, 2018, 11:38 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65121/
> -----------------------------------------------------------
>
> (Updated Jan. 12, 2018, 11:38 a.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
>
>
> Bugs: ATLAS-2352
> https://issues.apache.org/jira/browse/ATLAS-2352
>
>
> Repository: atlas
>
>
> Description
> -------
>
> This patch includes fix to configure validity for Kerberos DelegationToken.
>
> Property to be added in atlas-application.properties.
>
> *atlas.authentication.method.kerberos.token.validity*=3600
>
>
> Diffs
> -----
>
> docs/src/site/twiki/Authentication-Authorization.twiki 1e35ceb4
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java e8020dbb
>
>
> Diff: https://reviews.apache.org/r/65121/diff/1/
>
>
> Testing
> -------
>
> Kerberos delegation token expiration time is set correctly in hadoop-auth cookie.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>