You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by st...@apache.org on 2022/06/03 17:37:37 UTC
[hadoop] branch trunk updated: HDFS-16563. Namenode WebUI prints sensitive information on Token expiry (#4241)
This is an automated email from the ASF dual-hosted git repository.
stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 7bd4ac3ce0e HDFS-16563. Namenode WebUI prints sensitive information on Token expiry (#4241)
7bd4ac3ce0e is described below
commit 7bd4ac3ce0e34f804e9d93e95a1b4d6294ec09ae
Author: Renukaprasad C <48...@users.noreply.github.com>
AuthorDate: Fri Jun 3 23:07:27 2022 +0530
HDFS-16563. Namenode WebUI prints sensitive information on Token expiry (#4241)
Contributed by Renukaprasad C
---
.../delegation/AbstractDelegationTokenSecretManager.java | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
index baf3a7ff069..c85595e9222 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
@@ -510,15 +510,19 @@ extends AbstractDelegationTokenIdentifier>
throws InvalidToken {
assert Thread.holdsLock(this);
DelegationTokenInformation info = getTokenInfo(identifier);
+ String err;
if (info == null) {
- throw new InvalidToken("token " + formatTokenId(identifier)
- + " can't be found in cache");
+ err = "Token for real user: " + identifier.getRealUser() + ", can't be found in cache";
+ LOG.warn("{}, Token={}", err, formatTokenId(identifier));
+ throw new InvalidToken(err);
}
long now = Time.now();
if (info.getRenewDate() < now) {
- throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
- "expired, current time: " + Time.formatTime(now) +
- " expected renewal time: " + Time.formatTime(info.getRenewDate()));
+ err =
+ "Token has" + identifier.getRealUser() + "expired, current time: " + Time.formatTime(now)
+ + " expected renewal time: " + Time.formatTime(info.getRenewDate());
+ LOG.info("{}, Token={}", err, formatTokenId(identifier));
+ throw new InvalidToken(err);
}
return info;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org