[jira] [Created] (HDFS-6548) AuthenticationToken will be ignored if the cookie value contains '@'

Juan Yu (JIRA) Mon, 16 Jun 2014 17:37:15 -0700

Juan Yu created HDFS-6548:
-----------------------------

             Summary: AuthenticationToken will be ignored if the cookie value 
contains '@'
                 Key: HDFS-6548
                 URL: https://issues.apache.org/jira/browse/HDFS-6548
             Project: Hadoop HDFS
          Issue Type: Bug
            Reporter: Juan Yu
            Assignee: Juan Yu



if the cookie value is something like "email=x...@abc.com", HDFS will ignore 
the AuthenticationToken and reject the request.

2014-06-05 19:12:40,654 WARN 
org.apache.hadoop.security.authentication.server.AuthenticationFilter: 
AuthenticationToken ignored: 
org.apache.hadoop.security.authentication.util.SignerException: Invalid signed 
text: u

This is caused by fix for HADOOP-10379 Protect authentication cookies with the 
HttpOnly and Secure flags
it constructs cookie header manually instead of using Cookie class so the value 
is not double quoted.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Created] (HDFS-6548) AuthenticationToken will be ignored if the cookie value contains '@'

Reply via email to