[ https://issues.apache.org/jira/browse/HADOOP-11567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14612704#comment-14612704 ]
Arpit Agarwal commented on HADOOP-11567:
----------------------------------------

Hi Benoy, my comments below.
# FileSignerSecretProvider.java:140: Close InputStream?
# FileSignerSecretProvider.java:162: Close InputStream here also?
# FileSignerSecretProvider.java:175: updateSecretsIfRequired should be synchronized right?
# FileSignerSecretProvider.java:176: Prefer using the monotonic System.nanoTime().
# FileSignerSecretProvider.java:196: Potential perf regression: we should throttle calls to pollForSecretChange. Every call to getCurrentSecret could cause a disk operation now. Previously it was just a read from memory.
# FileSignerSecretProvider.java:203: Same perf regression here.
# FileSignerSecretProvider.java:63: From the code below it looks like effectivetimeinmillis must be specified as milliseconds since the epoch. That should be documented. Also do you think we can eliminate both config settings to reduce configuration and errors. Instead use a default system-wide transition period. Does that work for your use case?
# FileSignerSecretProvider.java:89: Can we use List<byte[]> instead of byte[][]?
# FileSignerSecretProvider.java:97: Previously we didn't throw on null. Throwing is correct but may not be backward compatible.

Minor:
# FileSignerSecretProvider.java:104: Space after comma.
# FileSignerSecretProvider.java:10: Unnecessary change?
# FileSignerSecretProvider.java:123: Missing code to close the reader?
# FileSignerSecretProvider.java:16: Unnecessary change?
# FileSignerSecretProvider.java:175: Nitpick: Extra space before (
# FileSignerSecretProvider.java:207: Nitpick: extra newline.

> Refresh HTTP Authentication secret without restarting the server
> ----------------------------------------------------------------
>
>                 Key: HADOOP-11567
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11567
>             Project: Hadoop Common
>          Issue Type: Improvement
>   Affects Versions: 2.6.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>              Labels: BB2015-05-TBR
>         Attachments: HADOOP-11567-001.patch, HADOOP-11567-002.patch
>
>
> The _AuthenticationFilter_ uses the secret read from a file specified via
> hadoop.http.authentication.signature.secret.file to sign the cookie
> containing user authentication information.
> The secret is read only during initialization and hence needs a restart to
> update the secret.
> ZKSignerSecretProvider can be used to rotate the secrets without restarting
> the servers, but it needs a zookeeper setup.
> The jira is to refresh secret by updating the file.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
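
The review points above on closing the stream, synchronizing the update, using the monotonic System.nanoTime() and throttling polls so getCurrentSecret stays a memory read, combined in one added example. This is not the HADOOP-11567 patch or any Hadoop code; the class name ThrottledFileSecret, the pollIntervalMs parameter and getPreviousSecret are hypothetical, and the secret file in main is a constructed sample.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;

// Hypothetical class for illustration; not Hadoop's FileSignerSecretProvider.
public class ThrottledFileSecret {
  private final Path file;
  private final long pollIntervalNanos;      // assumed throttle setting
  private long lastPollNanos, lastModified;
  private byte[] current, previous;          // previous stays valid for verification after a rotation

  public ThrottledFileSecret(Path file, long pollIntervalMs) throws IOException {
    this.file = file;
    this.pollIntervalNanos = TimeUnit.MILLISECONDS.toNanos(pollIntervalMs);
    reload();
    this.lastPollNanos = System.nanoTime();
  }

  // Hot path: touches the disk at most once per poll interval, otherwise reads memory.
  public synchronized byte[] getCurrentSecret() throws IOException {
    long now = System.nanoTime();            // monotonic, unaffected by wall-clock adjustments
    if (now - lastPollNanos >= pollIntervalNanos) {
      lastPollNanos = now;
      if (Files.getLastModifiedTime(file).toMillis() != lastModified) reload();
    }
    return current.clone();                  // callers cannot mutate the cached secret
  }

  public synchronized byte[] getPreviousSecret() {
    return previous == null ? null : previous.clone();
  }

  private void reload() throws IOException {
    // Read mtime first: a write racing with the read is then picked up on the next poll.
    long mtime = Files.getLastModifiedTime(file).toMillis();
    byte[] fresh = Files.readAllBytes(file); // opens and closes the stream itself
    if (fresh.length == 0) throw new IOException("empty secret file: " + file);
    if (!Arrays.equals(fresh, current)) { previous = current; current = fresh; }
    lastModified = mtime;
  }

  public static void main(String[] args) throws Exception {
    Path f = Files.createTempFile("signer", ".secret");    // constructed sample file
    Files.write(f, "secret-v1".getBytes("UTF-8"));
    ThrottledFileSecret p = new ThrottledFileSecret(f, 0); // 0 = poll on every call, demo only
    Files.write(f, "secret-v2".getBytes("UTF-8"));
    Files.setLastModifiedTime(f, java.nio.file.attribute.FileTime.fromMillis(System.currentTimeMillis() + 2000));
    System.out.println(new String(p.getCurrentSecret(), "UTF-8") + " / " + new String(p.getPreviousSecret(), "UTF-8"));
  }
}
```

Keeping the previous secret lets cookies signed before a rotation continue to verify during a transition period, which is the role byte[][] plays in the reviewed code.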