[ 
https://issues.apache.org/jira/browse/HADOOP-11567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14612704#comment-14612704
 ] 

Arpit Agarwal commented on HADOOP-11567:
----------------------------------------

Hi Benoy, my comments below.
# FileSignerSecretProvider.java:140: Close InputStream?
# FileSignerSecretProvider.java:162: Close InputStream here also?
# FileSignerSecretProvider.java:175: updateSecretsIfRequired should be 
synchronized, right?
# FileSignerSecretProvider.java:176: Prefer using the monotonic 
System.nanoTime().
# FileSignerSecretProvider.java:196: Potential perf regression: we should 
throttle calls to pollForSecretChange. Every call to getCurrentSecret could 
cause a disk operation now. Previously it was just a read from memory.
# FileSignerSecretProvider.java:203: Same perf regression here.
# FileSignerSecretProvider.java:63: From the code below it looks like 
effectivetimeinmillis must be specified as milliseconds since the epoch. That 
should be documented. Also, do you think we can eliminate both config settings 
to reduce configuration and errors? Instead, use a default system-wide 
transition period. Does that work for your use case?
# FileSignerSecretProvider.java:89: Can we use List<byte[]> instead of 
byte[][]?
# FileSignerSecretProvider.java:97: Previously we didn't throw on null. 
Throwing is correct but may not be backward compatible.

Minor:
# FileSignerSecretProvider.java:104: Space after comma.
# FileSignerSecretProvider.java:10: Unnecessary change?
# FileSignerSecretProvider.java:123: Missing code to close the reader?
# FileSignerSecretProvider.java:16: Unnecessary change?
# FileSignerSecretProvider.java:175: Nitpick: Extra space before (
# FileSignerSecretProvider.java:207: Nitpick: extra newline.

> Refresh HTTP Authentication secret without restarting the server
> ----------------------------------------------------------------
>
>                 Key: HADOOP-11567
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11567
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 2.6.0
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>              Labels: BB2015-05-TBR
>         Attachments: HADOOP-11567-001.patch, HADOOP-11567-002.patch
>
>
> The _AuthenticationFilter_ uses the secret read from a file specified via 
> hadoop.http.authentication.signature.secret.file to sign the cookie 
> containing user authentication information.
> The secret is read only during initialization and hence needs a restart to 
> update the secret.
> ZKSignerSecretProvider can be used to rotate the secrets without restarting 
> the servers, but it needs a zookeeper setup.
> The jira is to refresh secret by updating the file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
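
The review points above on closing the file, synchronizing the update, using the monotonic System.nanoTime() and throttling the polling can be seen together in the following added example. It is not code from the HADOOP-11567 patch or from Hadoop; the class name ThrottledFileSecret and the minPollMillis parameter are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.util.concurrent.TimeUnit;
// Hypothetical class for illustration; not Hadoop's FileSignerSecretProvider.
public class ThrottledFileSecret {
  private final Path file;
  private final long minPollNanos;   // minimum gap between disk checks
  private long lastPollNanos;
  private FileTime lastModified;
  private byte[] secret;
  public ThrottledFileSecret(Path file, long minPollMillis) throws IOException {
    this.file = file;
    this.minPollNanos = TimeUnit.MILLISECONDS.toNanos(minPollMillis);
    reload();
    this.lastPollNanos = System.nanoTime();
  }

  // synchronized: request threads must not race on the poll or the reload.
  public synchronized byte[] getCurrentSecret() throws IOException {
    long now = System.nanoTime();    // monotonic, unaffected by wall-clock changes
    if (now - lastPollNanos >= minPollNanos) {
      lastPollNanos = now;           // at most one stat() per interval
      if (!Files.getLastModifiedTime(file).equals(lastModified)) {
        reload();
      }
    }
    return secret.clone();           // callers cannot mutate the cached secret
  }

  // Read mtime first: a write landing mid-read is then picked up by the next poll.
  private void reload() throws IOException {
    FileTime mtime = Files.getLastModifiedTime(file);
    secret = Files.readAllBytes(file);   // opens and closes the file itself
    lastModified = mtime;
  }

  public static void main(String[] args) throws Exception {
    Path p = Files.createTempFile("secret", ".txt");   // constructed sample input
    Files.write(p, "old-secret".getBytes(StandardCharsets.UTF_8));
    ThrottledFileSecret s = new ThrottledFileSecret(p, 200);
    Files.write(p, "new-secret".getBytes(StandardCharsets.UTF_8));
    // Bump mtime explicitly so the demo does not depend on filesystem granularity.
    Files.setLastModifiedTime(p, FileTime.fromMillis(System.currentTimeMillis() + 5000));
    Thread.sleep(250);               // let the throttle interval elapse
    System.out.println(new String(s.getCurrentSecret(), StandardCharsets.UTF_8));
    Files.delete(p);
  }
}
```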
