[jira] [Commented] (HADOOP-14640) Azure: Support affinity for service running on localhost and reuse SPNEGO hadoop.auth cookie for authorization, SASKey and delegation token generation

[Jitendra Nath Pandey (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085013#comment-16085013
 ] 

Jitendra Nath Pandey commented on HADOOP-14640:
-----------------------------------------------

[~snayak], Thanks for the patch. A few comments:

The AuthenthicationURL.Token doesn't provide any interface to determine 
validity or expiry time, and I believe that is the reason you are parsing out 
the expiry time from token string. It might be simpler if the SpnegoToken cache 
tracks its own cache-expiry time, set at the time of creation. We could 
typically configure it to be smaller than token expiry time. Keeping the token 
opaque at the client is a useful property. 

The check for expiry is {{expiryTime > System.currentTimeMillis() + 1000 * 60 * 
5L}}. Are you adding 5 minutes just to guarantee that token is always accepted 
when client thinks it is valid? If that is the case, I think, it might be 
better to have a re-try where token is re-fetched if call fails due to token 
expiry.

Minor:
Checkstyle in a few place:
1) Lines longer than 80 characters.
2) Indentation where index of local url is calculated.



> Azure: Support affinity for service running on localhost and reuse SPNEGO 
> hadoop.auth cookie for authorization, SASKey and delegation token generation
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14640
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14640
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>              Labels: security
>         Attachments: HADOOP-14640.1.patch
>
>
> Currently, {{WasbRemoteCallHelper}} can be configured to talk to comma 
> separated list of URLs for authorization, SASKey generation and delegation 
> token generation.
> To improve the performance, if service runs on the local machine, give it 
> first preference over the other configured list of URLs. 
> Currently, {{WasbRemoteCallHelper}} generates {{hadoop.auth}} cookie for 
> every request by talking to the remote service, before making actual rest 
> requests.
> The proposal is to reuse the {{hadoop.auth}} cookie for subsequent requests 
> from same {{WasbRemoteCallHelper}} object until its expiry time. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org