You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Alejandro Abdelnur (JIRA)" <ji...@apache.org> on 2012/05/31 19:46:22 UTC
[jira] [Created] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Alejandro Abdelnur created HADOOP-8458:
------------------------------------------
Summary: Add management hook to AuthenticationHandler to enable delegation token operations support
Key: HADOOP-8458
URL: https://issues.apache.org/jira/browse/HADOOP-8458
Project: Hadoop Common
Issue Type: New Feature
Components: security
Affects Versions: 2.0.1-alpha
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Fix For: 2.0.1-alpha
Currently hadoop-auth AuthenticationHandler only authenticates a request.
While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293914#comment-13293914 ]
Hudson commented on HADOOP-8458:
--------------------------------
Integrated in Hadoop-Hdfs-trunk-Commit #2421 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2421/])
HADOOP-8458. Add management hook to AuthenticationHandler to enable delegation token operations support (tucu) (Revision 1349514)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349514
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/PseudoAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294485#comment-13294485 ]
Hudson commented on HADOOP-8458:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk #1108 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1108/])
HADOOP-8458. Add management hook to AuthenticationHandler to enable delegation token operations support (tucu) (Revision 1349514)
Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349514
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/PseudoAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8458:
---------------------------------------
Resolution: Fixed
Hadoop Flags: Incompatible change,Reviewed (was: Incompatible change)
Status: Resolved (was: Patch Available)
committed to trunk and branch-2
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8458:
---------------------------------------
Attachment: HADOOP-8458.patch
This patch adds a new method to the AuthenticationHandler interface:
{code}
public boolean managementOperation(AuthenticationToken token,
HttpServletRequest request, HttpServletResponse response)
throws IOException, AuthenticationException;
{code}
This method is allows interacting with the incoming request in both authenticated and non-authenticated modes and it can let the request continue processing or stop processing.
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293916#comment-13293916 ]
Hudson commented on HADOOP-8458:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #2348 (See [https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2348/])
HADOOP-8458. Add management hook to AuthenticationHandler to enable delegation token operations support (tucu) (Revision 1349514)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349514
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/PseudoAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Aaron T. Myers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293230#comment-13293230 ]
Aaron T. Myers commented on HADOOP-8458:
----------------------------------------
The patch contains a few lines that are over 80 chars, with some over 100. Otherwise the patch looks good to me. +1 from me once this is addressed.
I agree that this shouldn't affect host-based tokens at all. Daryn, could you please take a look soon to allay any concerns you might have?
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13286823#comment-13286823 ]
Hadoop QA commented on HADOOP-8458:
-----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12530417/HADOOP-8458.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 1 new or modified test files.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1064//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1064//console
This message is automatically generated.
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13288663#comment-13288663 ]
Daryn Sharp commented on HADOOP-8458:
-------------------------------------
Please give me a little time to review to ensure this doesn't affect host-based tokens.
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8458:
---------------------------------------
Attachment: HADOOP-8458.patch
updated patch reformatting lines to be within 80 chars.
I'll wait till tomorrow mid day PST for Daryn's comments, after that I'll commit if there are no objections.
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292962#comment-13292962 ]
Alejandro Abdelnur commented on HADOOP-8458:
--------------------------------------------
@Daryn, any update on your side? BTW, don't see how this JIRA would affect host-based tokens as it is only enabling a mechanism for the authhandler to perform auth management operations.
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Arun C Murthy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun C Murthy closed HADOOP-8458.
---------------------------------
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.2-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8458:
---------------------------------------
Hadoop Flags: Incompatible change
Status: Patch Available (was: Open)
while AuthenticationHandler is a 'private' API it may break existing implementations (Oozie, hbase, etc.), the solution for those implementations is to add the new method doing a NOP and returning TRUE.
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293953#comment-13293953 ]
Hudson commented on HADOOP-8458:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk-Commit #2371 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2371/])
HADOOP-8458. Add management hook to AuthenticationHandler to enable delegation token operations support (tucu) (Revision 1349514)
Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349514
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/PseudoAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294379#comment-13294379 ]
Hudson commented on HADOOP-8458:
--------------------------------
Integrated in Hadoop-Hdfs-trunk #1075 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1075/])
HADOOP-8458. Add management hook to AuthenticationHandler to enable delegation token operations support (tucu) (Revision 1349514)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1349514
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/PseudoAuthenticationHandler.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8458) Add management hook to
AuthenticationHandler to enable delegation token operations support
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293421#comment-13293421 ]
Hadoop QA commented on HADOOP-8458:
-----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12531769/HADOOP-8458.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 1 new or modified test files.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1109//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1109//console
This message is automatically generated.
> Add management hook to AuthenticationHandler to enable delegation token operations support
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8458
> URL: https://issues.apache.org/jira/browse/HADOOP-8458
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.1-alpha
>
> Attachments: HADOOP-8458.patch, HADOOP-8458.patch
>
>
> Currently hadoop-auth AuthenticationHandler only authenticates a request.
> While it can easily be extended to authenticate delegation tokens, it cannot handle the delegation token get/renew/cancel operations.
> The motivation of this new feature is that the above delegation token operations should be handled by a security component (hadoop-auth) instead of a functional component (httpfs implementation). Ideally we should have a complete separation of concerns between delegation token management and FileSystem/MapReduce/YARN API, but we don't. This change is a step on that directory for HTTP based services (like HttpFS).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira