You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Juan Yu (JIRA)" <ji...@apache.org> on 2014/06/17 02:37:03 UTC
[jira] [Created] (HDFS-6548) AuthenticationToken will be ignored if
the cookie value contains '@'
Juan Yu created HDFS-6548:
-----------------------------
Summary: AuthenticationToken will be ignored if the cookie value contains '@'
Key: HDFS-6548
URL: https://issues.apache.org/jira/browse/HDFS-6548
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Juan Yu
Assignee: Juan Yu
if the cookie value is something like "email=xyz@abc.com", HDFS will ignore the AuthenticationToken and reject the request.
2014-06-05 19:12:40,654 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text: u
This is caused by fix for HADOOP-10379 Protect authentication cookies with the HttpOnly and Secure flags
it constructs cookie header manually instead of using Cookie class so the value is not double quoted.
--
This message was sent by Atlassian JIRA
(v6.2#6252)