[ https://issues.apache.org/jira/browse/HADOOP-10670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14030873#comment-14030873 ]
Alejandro Abdelnur commented on HADOOP-10670:
---------------------------------------------

* {{String signatureSecretFile = config.getProperty(SIGNATURE_SECRET_FILE);}}, the property name should be prefixed with {{configPrefix +}}.
* Using a secret file is more secure than having the secret inline in the configuration. The secret file should have precedence over the inline secret. The inline secret should be deprecated, we should print a warning on that.

Do we have a testcase for this in the {{AuthenticationFilterInitializer}} tests? If so, we should move them to the {{AuthenticationFilter}} tests.

Other than that, looks good.

> Allow AuthenticationFilter to respect signature secret file even without AuthenticationFilterInitializer
> --------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-10670
> URL: https://issues.apache.org/jira/browse/HADOOP-10670
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Priority: Minor
> Attachments: hadoop-10670.patch
>
>
> In Hadoop web console, by using AuthenticationFilterInitializer, it's allowed
> to configure AuthenticationFilter for the required signature secret by
> specifying signature.secret.file property. This improvement would also allow
> this when AuthenticationFilterInitializer isn't used in situations like
> webhdfs.

--
This message was sent by Atlassian JIRA (v6.2#6252)
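
The lookup order requested in the review comment above, as an added example that is not code from hadoop-10670.patch or from Hadoop itself: both property names carry the prefix, the secret file takes precedence, and an inline secret triggers a deprecation warning. The class name, the inline property name `signature.secret`, the `example.auth.` prefix and the choice to fail on an empty file are assumptions made for this illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Properties;
import java.util.logging.Logger;
// Added illustration; hypothetical class, not Hadoop's AuthenticationFilter.
public class SignatureSecretResolver {
    private static final Logger LOG = Logger.getLogger("SignatureSecretResolver");
    // "signature.secret.file" is named in the issue; "signature.secret" is
    // assumed here as the name of the inline property.
    static final String SIGNATURE_SECRET = "signature.secret";
    static final String SIGNATURE_SECRET_FILE = SIGNATURE_SECRET + ".file";

    /** Returns the signing secret, or null when neither property is set. */
    static String resolve(Properties config, String configPrefix) throws IOException {
        String file = config.getProperty(configPrefix + SIGNATURE_SECRET_FILE);
        String inline = config.getProperty(configPrefix + SIGNATURE_SECRET);
        if (file != null && !file.trim().isEmpty()) {
            // The file wins. An unreadable or empty file is an error rather than
            // a silent fallback to the inline value (assumption of this example).
            String secret = new String(Files.readAllBytes(Paths.get(file.trim())),
                    StandardCharsets.UTF_8).trim();
            if (secret.isEmpty()) {
                throw new IOException("Signature secret file is empty: " + file);
            }
            if (inline != null) {
                LOG.warning(configPrefix + SIGNATURE_SECRET + " is ignored because "
                        + configPrefix + SIGNATURE_SECRET_FILE + " is set");
            }
            return secret;
        }
        if (inline != null) {
            LOG.warning(configPrefix + SIGNATURE_SECRET + " is deprecated; use "
                    + configPrefix + SIGNATURE_SECRET_FILE);
        }
        return inline;
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempFile("sig-secret", ".txt"); // constructed sample file
        Files.write(tmp, "from-file\n".getBytes(StandardCharsets.UTF_8));
        Properties p = new Properties();
        String prefix = "example.auth."; // hypothetical configPrefix
        p.setProperty(prefix + SIGNATURE_SECRET, "inline-value");
        System.out.println(resolve(p, prefix)); // inline only: deprecation warning logged
        p.setProperty(prefix + SIGNATURE_SECRET_FILE, tmp.toString());
        System.out.println(resolve(p, prefix)); // both set: the file's content is used
        Files.delete(tmp);
    }
}
```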