[ https://issues.apache.org/jira/browse/HADOOP-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115409#comment-14115409 ]
Alejandro Abdelnur edited comment on HADOOP-10911 at 8/29/14 4:30 PM: ---------------------------------------------------------------------- +1, pending jenkins. Greg, thanks for you patience and for doing all those combinations of scenarios in the tests. was (Author: tucu00): +1. Greg, thanks for you patience and for doing all those combinations of scenarios in the tests. > hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109 > --------------------------------------------------------------------------- > > Key: HADOOP-10911 > URL: https://issues.apache.org/jira/browse/HADOOP-10911 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.5.0 > Reporter: Gregory Chanan > Attachments: HADOOP-10911-tests.patch, HADOOP-10911.patch, > HADOOP-10911v2.patch, HADOOP-10911v3.patch > > > I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is > unable to authenticate with servers running the authentication filter), even > with HADOOP-10710 applied. > From my reading of the spec, the problem is as follows: > Expires is not a valid directive according to the RFC, though it is mentioned > for backwards compatibility with netscape draft spec. When httpclient sees > "Expires", it parses according to the netscape draft spec, but note from > RFC2109: > {code} > Note that the Expires date format contains embedded spaces, and that "old" > cookies did not have quotes around values. > {code} > and note that AuthenticationFilter puts quotes around the value: > https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439 > So httpclient's parsing appears to be kosher. -- This message was sent by Atlassian JIRA (v6.2#6252)