You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/03/16 22:24:33 UTC
[jira] [Created] (HADOOP-12929) JWTRedirectAuthenticationHandler
must accommodate null expiration time
Larry McCay created HADOOP-12929:
------------------------------------
Summary: JWTRedirectAuthenticationHandler must accommodate null expiration time
Key: HADOOP-12929
URL: https://issues.apache.org/jira/browse/HADOOP-12929
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Larry McCay
Assignee: Larry McCay
The underlying JWT token within the hadoop-jwt cookie should be able to have no expiration time. This allows the token lifecycle to be the same as the cookie that contains it.
Current validation processing of the token interprets the absence of an expiration time as requiring a new token to be acquired. JWT itself considers the exp to be an optional claim. As such, this patch will change the processing to accept a null expiration as valid for as long as the cookie is presented.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)