Xiao Chen created HADOOP-13474: ---------------------------------- Summary: Add more details in the log when a token is expired Key: HADOOP-13474 URL: https://issues.apache.org/jira/browse/HADOOP-13474 Project: Hadoop Common Issue Type: Improvement Components: security Affects Versions: 2.6.0 Reporter: Xiao Chen Assignee: Xiao Chen
Currently when there's an expired token, we see this from the log: {noformat} 2016-08-06 07:13:20,807 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired 2016-08-06 09:55:48,665 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired 2016-08-06 10:01:41,452 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: AuthenticationToken expired {noformat} We should log a better [message|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L456], to include more details (e.g. token type, username, tokenid) for trouble-shooting purpose. I don't think the additional information exposed will lead to any security concern, since the token is expired anyways. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org