bharatviswa504 commented on a change in pull request #561: HDDS-1043. Enable
token based authentication for S3 api.
URL: https://github.com/apache/hadoop/pull/561#discussion_r263090394
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java
##########
@@ -327,6 +336,37 @@ public boolean verifySignature(OzoneTokenIdentifier
identifier,
}
}
+ /**
+ * Validates if a S3 identifier is valid or not.
+ * */
+ private byte[] validateS3Token(OzoneTokenIdentifier identifier)
+ throws InvalidToken {
+ LOG.trace("Validating S3Token for identifier:{}", identifier);
+ String awsSecret;
+ try {
+ awsSecret = s3SecretManager.getS3UserSecretString(identifier
+ .getAwsAccessId());
+ } catch (IOException e) {
+ LOG.error("Error while validating S3 identifier:{}",
+ identifier, e);
+ throw new InvalidToken("No S3 secret found for S3 identifier:"
Review comment:
Now if InvalidToken is thrown as an exception during invalid/malformed
header, then how this will be thrown to the end user s3 request? I don't see
any code for it.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
