You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/03/16 22:24:33 UTC

[jira] [Created] (HADOOP-12929) JWTRedirectAuthenticationHandler must accommodate null expiration time

Larry McCay created HADOOP-12929:
------------------------------------

             Summary: JWTRedirectAuthenticationHandler must accommodate null expiration time
                 Key: HADOOP-12929
                 URL: https://issues.apache.org/jira/browse/HADOOP-12929
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Larry McCay
            Assignee: Larry McCay


The underlying JWT token within the hadoop-jwt cookie should be able to have no expiration time. This allows the token lifecycle to be the same as the cookie that contains it.

Current validation processing of the token interprets the absence of an expiration time as requiring a new token to be acquired. JWT itself considers the exp to be an optional claim. As such, this patch will change the processing to accept a null expiration as valid for as long as the cookie is presented.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)