krishan1390 commented on code in PR #5443:
URL: https://github.com/apache/hadoop/pull/5443#discussion_r1139769817
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java:
##########
@@ -344,8 +345,9 @@ protected void updateDelegationKey(DelegationKey key)
throws IOException {
*
* @param ident ident.
* @return DelegationTokenInformation.
+ * @throws IOException raised on errors performing I/O.
*/
- protected DelegationTokenInformation getTokenInfo(TokenIdent ident) {
+ protected DelegationTokenInformation getTokenInfo(TokenIdent ident) throws
IOException {
Review Comment:
This method is not just a KV lookup but actually compares all attributes of
TokenIdent (maxDate, masterKeyId, owner, etc) - this is important because if we
provide just a KV lookup, any user can create a TokenIdent object with a random
key (sequence no) & get authenticated (RM just checks for presence of token for
authentication).
Corresponding change needs to be done in stateless secret manager
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
