[ https://issues.apache.org/jira/browse/HADOOP-13474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiao Chen resolved HADOOP-13474.
--------------------------------
    Resolution: Won't Fix

With more understanding around this area, I think this jira is not necessary.
This is because AuthenticationFilter is usually passing the authentication 
further down to the authentication handler, and that's where we should log more.
Will cover that in HADOOP-13174, so closing this one.

> Add more details in the log when a token is expired
> ---------------------------------------------------
>
>                 Key: HADOOP-13474
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13474
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13474.01.patch
>
>
> Currently when there's an expired token, we see this from the log:
> {noformat}
> 2016-08-06 07:13:20,807 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> 2016-08-06 09:55:48,665 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> 2016-08-06 10:01:41,452 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired
> {noformat}
> We should log a better 
> [message|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L456]
> to include more details (e.g. token type, username, tokenid) for 
> troubleshooting purposes.
> I don't think the additional information exposed will lead to any security 
> concern, since the token is expired anyways.


