You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Juan Yu (JIRA)" <ji...@apache.org> on 2014/06/17 07:29:01 UTC
[jira] [Resolved] (HDFS-6548) AuthenticationToken will be ignored
if the cookie value contains '@'
[ https://issues.apache.org/jira/browse/HDFS-6548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Yu resolved HDFS-6548.
---------------------------
Resolution: Invalid
> AuthenticationToken will be ignored if the cookie value contains '@'
> --------------------------------------------------------------------
>
> Key: HDFS-6548
> URL: https://issues.apache.org/jira/browse/HDFS-6548
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Juan Yu
> Assignee: Juan Yu
>
> if the cookie value is something like "email=xyz@abc.com", HDFS will ignore the AuthenticationToken and reject the request.
> 2014-06-05 19:12:40,654 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text: u
> This is caused by fix for HADOOP-10379 Protect authentication cookies with the HttpOnly and Secure flags
> it constructs cookie header manually instead of using Cookie class so the value is not double quoted.
--
This message was sent by Atlassian JIRA
(v6.2#6252)