[ https://issues.apache.org/jira/browse/OOZIE-3379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16710117#comment-16710117 ]
Andras Piros commented on OOZIE-3379: ------------------------------------- [~zuston] to address the one remaining FindBugs warning, can you please put following annotation on the actual method (constructor) level ({{AuthOozieClient.java#L93-100}}): {code:java} @SuppressFBWarnings(value = "PATH_TRAVERSAL_IN", justification = "FilenameUtils is used to filter user input. JDK8+ is used.") {code} Can you please also add following {{FilenameUtils#getName()}} call when creating a new {{File}} given user input like this: {code:java} FilenameUtils.getFullPath(System.getProperty("user.home")) + FilenameUtils.getName(filename) {code} > Auth token cache file name should include Oozie URL > --------------------------------------------------- > > Key: OOZIE-3379 > URL: https://issues.apache.org/jira/browse/OOZIE-3379 > Project: Oozie > Issue Type: Bug > Components: client > Affects Versions: 5.0.0 > Reporter: Junfan Zhang > Assignee: Junfan Zhang > Priority: Major > Attachments: oozie-3379-1.patch, oozie-3379-2.patch, > oozie-3379-3.patch, oozie-3379-4.patch, oozie-3379-5.patch, > oozie-3379-6.patch, oozie-3379-7.patch > > > We have a program that connects to multiple Oozie clusters with multiple > {{AuthOozieClient}} instances, which frequently request the KDC server > because the authentication token cache is invalid. > After some investigation we found that the auth token cache file is > incorrectly shared by all {{AuthOozieClient}} instances. Therefore, we > propose that the auth token cache file name include Oozie URL as postfix. -- This message was sent by Atlassian JIRA (v7.6.3#76005)