[
https://issues.apache.org/jira/browse/HADOOP-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194182#comment-14194182
]
Yi Liu commented on HADOOP-10895:
---------------------------------
Hi [~yzhangal], your patch has a big impact, and my suggestion is to make it
small. Also I would like to hear other committers' comments, since it looks
simple, but trick.
* I see you remove existing APIs/Constructor from AuthenticatedURL.java and
DelegationTokenAuthenticatedURL.java, it's not a good practice. It will break
others who are using {{hadoop-auth}}
* we don't need get fallback for Authenticator, and only need set
{code}
public void setAllowFallback(boolean allowFallback);
{code}
* I suggest only add a simple method to AuthenticatedURL, and no need change
for DelegationTokenAuthenticatedURL
{code}
public void setAllowAuthenticatorFallback(boolean allowFallback) {
authenticator.setAllowFallback(allowFallback);
}
{code}
* Other places just need to call {{setAllowAuthenticatorFallback}} of
AuthenticatedURL or {{setAllowFallback}} of Authenticator. Then it's more
simpler.
> HTTP KerberosAuthenticator fallback should have a flag to disable it
> --------------------------------------------------------------------
>
> Key: HADOOP-10895
> URL: https://issues.apache.org/jira/browse/HADOOP-10895
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Yongjun Zhang
> Priority: Blocker
> Attachments: HADOOP-10895.001.patch, HADOOP-10895.002.patch,
> HADOOP-10895.003.patch, HADOOP-10895.004.patch
>
>
> Per review feedback in HADOOP-10771, {{KerberosAuthenticator}} and the
> delegation token version coming in with HADOOP-10771 should have a flag to
> disable fallback to pseudo, similarly to the one that was introduced in
> Hadoop RPC client with HADOOP-9698.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
