[jira] [Commented] (IMPALA-13813) OAuth AuthN: Avoid key verification on every rpc call

ASF subversion and git services (Jira) Tue, 20 May 2025 08:50:11 -0700


    [ 
https://issues.apache.org/jira/browse/IMPALA-13813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17952901#comment-17952901
 ]


ASF subversion and git services commented on IMPALA-13813:
----------------------------------------------------------

Commit 929130b735f83216aa7eed898ab6ee42e1672cfa in impala's branch 
refs/heads/master from gaurav1086
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=929130b73 ]

IMPALA-13813: OAuth/JWT Avoid key verification on
every rpc call

This patch optimizes the OAuth/JWT flow by setting
cookies in order to avoid token verification in every
RPC call. The default cookie expiry time is 1 day.
This is only valid for hs2-http protocol.

Testing: Modified existing custom cluster tests:
test_jwt_auth_valid and test_oauth_auth_valid:
-  total jwt token verification success count = 1:
   Reason: Verify jwt/oauth token only the first time
   and then set the cookie so do not need to re-verify
   the token for subsequent rpc queries.
-  total cookie auth success = rpc count - 1:
   Reason: After first verification, all subsequent
   authentication will be cookie auth based.
- Benchmarking the query SELECT 1; executed 10,000
  times with OAuth authentication showed a total time
  of 2.16s with the cookie enabled vs. 2.38s
  without the cookie. This indicates a modest
  performance gain (~9%) when cookie support is
  enabled. The time command output in both scenarios
  are:

  With cookie enabled:
  - real 2.16
  - user 0.99
  - sys 0.21

  With cookie disabled:
  - real 2.38
  - user 1.12
  - sys 0.22

Change-Id: I0e3e5d9cf8bdb99920611b06571515e05e15164e
Reviewed-on: http://gerrit.cloudera.org:8080/22600
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>


> OAuth AuthN: Avoid key verification on every rpc call
> -----------------------------------------------------
>
>                 Key: IMPALA-13813
>                 URL: https://issues.apache.org/jira/browse/IMPALA-13813
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Backend, Security
>            Reporter: gaurav singh
>            Assignee: gaurav singh
>            Priority: Major
>
> Add cookie/session logic to avoid oauth access token verification on every 
> rpc call. Set the expiration of the cookie same as the token expiration time.
> Same change for JWT too.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (IMPALA-13813) OAuth AuthN: Avoid key verification on every rpc call

Reply via email to