Posted to common-issues@hadoop.apache.org by "Kan Zhang (JIRA)" <ji...@apache.org> on 2010/02/21 03:18:27 UTC

[jira] Created: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
------------------------------------------------------------------------------------

                 Key: HADOOP-6581
                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
             Project: Hadoop Common
          Issue Type: New Feature
          Components: ipc, security
            Reporter: Kan Zhang
            Assignee: Kan Zhang


When a token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
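
An added illustration of the idea in the issue description above (not code from HADOOP-6581 or from Hadoop): the server attaches a token's identifier to the caller only after the token authenticates, and the access decision then reads the permissions in that identifier rather than the username. All class and method names are hypothetical, and HMAC-SHA256 over the identifier bytes is an assumed authentication scheme.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example; every name here is hypothetical, none is Hadoop's API.
public class CapabilityTokenDemo {
  enum AccessMode { READ, WRITE }

  /** Identifier carried in the token: says what is permitted, not only who asks. */
  static final class BlockIdentifier {
    final String user;
    final long blockId;
    final long expiryMillis;
    final EnumSet<AccessMode> modes;
    BlockIdentifier(String user, long blockId, long expiryMillis, EnumSet<AccessMode> modes) {
      this.user = user;
      this.blockId = blockId;
      this.expiryMillis = expiryMillis;
      this.modes = EnumSet.copyOf(modes);
    }
    /** Length-prefixed encoding so that field boundaries cannot be shifted. */
    byte[] toBytes() {
      byte[] u = user.getBytes(StandardCharsets.UTF_8);
      int mask = 0;
      for (AccessMode m : modes) mask |= 1 << m.ordinal();
      return ByteBuffer.allocate(4 + u.length + 8 + 8 + 4)
          .putInt(u.length).put(u).putLong(blockId).putLong(expiryMillis).putInt(mask).array();
    }
  }

  /** Token = identifier plus a MAC ("password") computed by the issuer. */
  static final class Token {
    final BlockIdentifier id;
    final byte[] password;
    Token(BlockIdentifier id, byte[] password) { this.id = id; this.password = password; }
  }

  /** Stand-in for the per-caller context (the role UGI plays in the issue title). */
  static final class CallerContext {
    final String user;
    final List<BlockIdentifier> tokenIdentifiers = new ArrayList<>();
    CallerContext(String user) { this.user = user; }
  }

  static byte[] hmac(byte[] key, byte[] data) throws GeneralSecurityException {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(key, "HmacSHA256"));
    return mac.doFinal(data);
  }

  /** Issuer side: bind the permissions to the shared key. */
  static Token issue(byte[] key, BlockIdentifier id) throws GeneralSecurityException {
    return new Token(id, hmac(key, id.toBytes()));
  }

  /** Authentication: only an identifier whose MAC verifies is attached to the caller. */
  static CallerContext authenticate(byte[] key, Token t) throws GeneralSecurityException {
    // MessageDigest.isEqual compares in constant time.
    if (!MessageDigest.isEqual(hmac(key, t.id.toBytes()), t.password)) {
      throw new SecurityException("token MAC mismatch");
    }
    CallerContext ctx = new CallerContext(t.id.user);
    ctx.tokenIdentifiers.add(t.id);
    return ctx;
  }

  /** Authorization: decided by the authenticated identifier, never by ctx.user. */
  static boolean authorize(CallerContext ctx, long blockId, AccessMode mode, long nowMillis) {
    for (BlockIdentifier id : ctx.tokenIdentifiers) {
      if (id.blockId == blockId && id.modes.contains(mode) && nowMillis < id.expiryMillis) {
        return true;
      }
    }
    return false;
  }

  public static void main(String[] args) throws GeneralSecurityException {
    byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample
    long now = 1_000_000L;                                                // constructed clock
    Token t = issue(key,
        new BlockIdentifier("alice", 42L, now + 60_000L, EnumSet.of(AccessMode.READ)));

    CallerContext ctx = authenticate(key, t);
    System.out.println("read block 42:    " + authorize(ctx, 42L, AccessMode.READ, now));
    System.out.println("write block 42:   " + authorize(ctx, 42L, AccessMode.WRITE, now));
    System.out.println("read block 43:    " + authorize(ctx, 43L, AccessMode.READ, now));
    System.out.println("read after expiry: "
        + authorize(ctx, 42L, AccessMode.READ, now + 120_000L));

    // An identifier edited to add WRITE no longer matches the issuer's MAC.
    Token edited = new Token(new BlockIdentifier("alice", 42L, now + 60_000L,
        EnumSet.of(AccessMode.READ, AccessMode.WRITE)), t.password);
    try {
      authenticate(key, edited);
    } catch (SecurityException e) {
      System.out.println("edited identifier rejected: " + e.getMessage());
    }
  }
}
```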


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Open  (was: Patch Available)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Open  (was: Patch Available)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Attachment: c6581-10.patch

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jakob Homan updated HADOOP-6581:
--------------------------------

    Hadoop Flags: [Reviewed]

+1.  To avoid having BlockAccessToken released as part of 21, and therefore needing to be supported for two versions, I'm planning on committing this and HDFS-992 to 21, to make sure BlockTokenIdentifier replaces BlockAccessToken in those releases.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch, c6581-17.patch, c6581-18.patch


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12836302#action_12836302 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

+1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12436474/c6581-10.patch
  against trunk revision 912207.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/24/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/24/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/24/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/24/console

This message is automatically generated.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Attachment: c6581-17.patch

New patch for trunk.
1) Changes DelegationKey to work with Avro.
2) Changes Avro version to 1.3.1 in ivy.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch, c6581-17.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Open  (was: Patch Available)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Patch Available  (was: Open)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Patch Available  (was: Open)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch, c6581-17.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Attachment: c6581-14.patch

A patch for the current trunk.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Attachment: c6581-13.patch

An update to current trunk. No functional change.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Patch Available  (was: Open)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch, c6581-17.patch


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838685#action_12838685 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

+1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12437100/c6581-14.patch
  against trunk revision 916529.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/388/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/388/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/388/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/388/console

This message is automatically generated.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Open  (was: Patch Available)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838627#action_12838627 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

+1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12437072/c6581-13.patch
  against trunk revision 916468.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/387/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/387/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/387/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/387/console

This message is automatically generated.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Attachment: c6581-15.patch

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12869382#action_12869382 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12444973/c6581-17.patch
  against trunk revision 945953.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    -1 core tests.  The patch failed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/532/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/532/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/532/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/532/console

This message is automatically generated.


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Attachment: c6581-18.patch

New patch incorporating the patch for HADOOP-6782 to fix TestAvroRpc.


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Patch Available  (was: Open)


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Attachment: c6581-12.patch

trivial update.


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12869395#action_12869395 ] 

Jitendra Nath Pandey commented on HADOOP-6581:
----------------------------------------------

TestAvroRpc fails with avro-1.3.1 even without this patch.


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Attachment: c6581-16.patch

New patch rebased against the latest trunk


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866414#action_12866414 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

+1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12444264/c6581-16.patch
  against trunk revision 941662.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/516/console

This message is automatically generated.


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12871938#action_12871938 ] 

Hudson commented on HADOOP-6581:
--------------------------------

Integrated in Hadoop-Common-trunk-Commit #269 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/269/])
    HADOOP-6581. Add authenticated TokenIdentifiers to UGI so that they can be used for authorization. Kan Zhang and Jitendra Pandey via jghoman.



[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Patch Available  (was: Open)


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Open  (was: Patch Available)


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12837581#action_12837581 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

+1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12436800/c6581-12.patch
  against trunk revision 915168.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/372/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/372/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/372/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/372/console

This message is automatically generated.


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12872933#action_12872933 ] 

Hudson commented on HADOOP-6581:
--------------------------------

Integrated in Hadoop-Common-trunk #349 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/349/])
    


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Open  (was: Patch Available)


[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12870089#action_12870089 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

+1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12445184/c6581-18.patch
  against trunk revision 946976.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 9 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/538/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/538/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/538/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/538/console

This message is automatically generated.


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Patch Available  (was: Open)


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jakob Homan updated HADOOP-6581:
--------------------------------

        Status: Resolved  (was: Patch Available)
    Resolution: Fixed

I've committed this to trunk.  Thanks Kan and Jitendra.


[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Open  (was: Patch Available)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch, c6581-17.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.



[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Patch Available  (was: Open)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.



[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Patch Available  (was: Open)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.



[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kan Zhang updated HADOOP-6581:
------------------------------

    Status: Open  (was: Patch Available)

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.



[jira] Updated: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jitendra Nath Pandey updated HADOOP-6581:
-----------------------------------------

    Status: Patch Available  (was: Open)

c6581-16.patch is submitted for hudson tests.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.



[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839085#action_12839085 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

+1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12437276/c6581-15.patch
  against trunk revision 916779.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/398/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/398/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/398/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/398/console

This message is automatically generated.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.



[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12869383#action_12869383 ] 

Hadoop QA commented on HADOOP-6581:
-----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12444973/c6581-17.patch
  against trunk revision 945953.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    -1 core tests.  The patch failed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/68/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/68/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/68/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/68/console

This message is automatically generated.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch, c6581-12.patch, c6581-13.patch, c6581-14.patch, c6581-15.patch, c6581-16.patch, c6581-17.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.



[jira] Commented: (HADOOP-6581) Add authenticated TokenIdentifiers to UGI so that they can be used for authorization

Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12836300#action_12836300 ] 

Kan Zhang commented on HADOOP-6581:
-----------------------------------

Added a patch that
1. allows TokenIdentifiers to be added to a ugi so that they can be made available for authorization checking in the RPC method.
2. updated RPC Server to add authenticated TokenIdentifiers to the ugi associated with the connection.
3. minor refactoring of SaslRpcServer code.
4. Fixed an NPE bug in DelegationKey where an empty DelegationKey throws NPE when you try to write it.

> Add authenticated TokenIdentifiers to UGI so that they can be used for authorization
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6581
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6581-10.patch
>
>
> When token is used for authentication over RPC, information other than username may be needed for access authorization. This information is typically specified in TokenIdentifier. This is especially true for block tokens used for client-to-datanode accesses, where authorization is based on access permissions specified in TokenIdentifier, and not on username. Block tokens used to be called access tokens and one can think of them as capability tokens. See HADOOP-4359 for more info.

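
The flow in items 1 and 2 of the comment above, as an added example that is not part of the original message or of the Hadoop patch: the server attaches a token identifier to the caller only after its MAC verifies, and the RPC method then authorizes from that identifier instead of the user name. `BlockTokenId`, `Caller`, `authenticate` and `mayAccess` are hypothetical stand-ins (not Hadoop classes or methods), the key is a constructed sample, and records need Java 16 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class TokenAuthzDemo {
    enum Mode { READ, WRITE }
    // Hypothetical stand-in for a block TokenIdentifier: it carries the capability.
    record BlockTokenId(String owner, long blockId, Set<Mode> modes) {
        byte[] bytes() {  // canonical encoding that the MAC is computed over
            String s = owner + "|" + blockId + "|" + new TreeSet<>(modes);
            return s.getBytes(StandardCharsets.UTF_8);
        }
    }
    // Hypothetical stand-in for a UGI: user name plus authenticated identifiers.
    record Caller(String user, Set<BlockTokenId> tokenIds) {}

    static byte[] mac(byte[] key, byte[] data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data);
    }

    // Connection setup: attach the identifier only if its MAC verifies.
    static Caller authenticate(byte[] key, BlockTokenId id, byte[] password) throws Exception {
        if (!MessageDigest.isEqual(mac(key, id.bytes()), password))
            throw new SecurityException("token authentication failed");
        return new Caller(id.owner(), Set.of(id));
    }

    // RPC method: authorize from the authenticated identifier, not the user name.
    static boolean mayAccess(Caller c, long blockId, Mode mode) {
        return c.tokenIds().stream()
                .anyMatch(t -> t.blockId() == blockId && t.modes().contains(mode));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        BlockTokenId id = new BlockTokenId("alice", 1001L, EnumSet.of(Mode.READ));
        byte[] password = mac(key, id.bytes());
        Caller c = authenticate(key, id, password);
        System.out.println("read 1001:  " + mayAccess(c, 1001L, Mode.READ));
        System.out.println("write 1001: " + mayAccess(c, 1001L, Mode.WRITE));
        System.out.println("read 2002:  " + mayAccess(c, 2002L, Mode.READ));
        // An identifier with widened modes but the old MAC must fail authentication.
        BlockTokenId widened = new BlockTokenId("alice", 1001L, EnumSet.allOf(Mode.class));
        try { authenticate(key, widened, password); }
        catch (SecurityException e) { System.out.println("widened token: " + e.getMessage()); }
    }
}
```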