You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2015/03/17 18:45:39 UTC

[jira] [Assigned] (HADOOP-11330) KMSClientProvider should use PseudoDelegationTokenAuthenticator as the Authenticator when security is disabled to improve performance

     [ https://issues.apache.org/jira/browse/HADOOP-11330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arun Suresh reassigned HADOOP-11330:
------------------------------------

    Assignee: Arun Suresh

> KMSClientProvider should use PseudoDelegationTokenAuthenticator as the Authenticator when security is disabled to improve performance
> -------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11330
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11330
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms, security
>            Reporter: Dian Fu
>            Assignee: Arun Suresh
>
> In the class KMSClientProvider, it connect with KMS with the following method:
> {code}
> private HttpURLConnection createConnection(final URL url, String method)
>       throws IOException {
>     HttpURLConnection conn;
>     try {
>       ...
>       // creating the HTTP connection using the current UGI at constructor time
>       conn = loginUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
>         @Override
>         public HttpURLConnection run() throws Exception {
>           DelegationTokenAuthenticatedURL authUrl =
>               new DelegationTokenAuthenticatedURL(configurator);
>           return authUrl.openConnection(url, authToken, doAsUser);
>         }
>       });
>     } catch (IOException ex) {
>       throw ex;
>     } catch (UndeclaredThrowableException ex) {
>       throw new IOException(ex.getUndeclaredThrowable());
>     } catch (Exception ex) {
>       throw new IOException(ex);
>     }
> ...
> }
> {code} By default, DelegationTokenAuthenticatedURL will use KerberosDelegationTokenAuthenticator as the Authenticator. We can set PseudoDelegationTokenAuthenticator  as the Authenticator when security is disabled to improve performance. This will reduce one authentication process between client and KMS server.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)