[ https://issues.apache.org/jira/browse/CALCITE-4152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17257137#comment-17257137 ]
Josh Elser commented on CALCITE-4152: ------------------------------------- {code:java} 2020-12-31 23:21:35,831 [qtp2048434399-16] DEBUG - COMMIT for / on HttpChannelOverHttp@584ac69e{s=HttpChannelState@5cea67c6{s=HANDLING rs=COMPLETING os=COMMITTED is=READY awp=false se=false i=false al=0},r=2,c=false/false,a=HANDLING,uri=//localhost:51706/,age=283} 200 null HTTP/1.1 Date: Fri, 01 Jan 2021 04:21:35 GMT WWW-Authenticate: Negotiate oYH1MIHyoAMKAQChCwYJKoZIhvcSAQICom4EbGBqBgkqhkiG9xIBAgICAG9bMFmgAwIBBaEDAgEPok0wS6ADAgERokQEQtpZnCRCej2MpfcD4oGTteO70BdUVSdd7Y4o/hqCP7ZB6YcXORaqxcEHjVjRLCZk1MLueoDiUO/YQh2CruAbVWMIBaNuBGxgagYJKoZIhvcSAQICAgBvWzBZoAMCAQWhAwIBD6JNMEugAwIBEaJEBELaWZwkQno9jKX3A+KBk7Xju9AXVFUnXe2OKP4agj+2QemHFzkWqsXBB41Y0SwmZNTC7nqA4lDv2EIdgq7gG1VjCAU= Set-Cookie: JSESSIONID=node01mx0ketk9hfx2166mjptrygys60.node0; Path=/ Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: application/octet-stream;charset=utf-8 {code} With the new ConfigurableSpnegoAuthenticator/LoginService, Jetty will automatically send back a JSESSIONID cookie and use that, as long as the provided "duration" for cookie validity is not exceeded. Pretty slick. We'll have to go through the other stuff that hadoop-auth does and make sure that we don't need anything else (like {{Secure}} or {{HttpOnly}} options on that cookie.). > Avoid SPNEGO re-negotiation for each request > -------------------------------------------- > > Key: CALCITE-4152 > URL: https://issues.apache.org/jira/browse/CALCITE-4152 > Project: Calcite > Issue Type: Improvement > Components: avatica > Reporter: Istvan Toth > Assignee: Josh Elser > Priority: Major > > When using SPNEGO authentication with Avatica, every HTTP request > re-initiates the negotiation, doubling the number HTTP requests. > Consider switching to cookies after the initial SPNEGO authentication > succeeds. > Jetty ticket that discusses the issue: > [https://github.com/eclipse/jetty.project/issues/2868] > Description of the Knox implementation > [https://cwiki.apache.org/confluence/display/KNOX/2017/02/24/Hadoop+Auth+%28SPNEGO+and+delegation+token+based+authentication%29+with+Apache+Knox] -- This message was sent by Atlassian Jira (v8.3.4#803005)