[
https://issues.apache.org/jira/browse/HADOOP-10416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13945691#comment-13945691
]
Tsz Wo Nicholas Sze commented on HADOOP-10416:
----------------------------------------------
> With the patch, no matter anonymous is enabled or not, user will be
> authenticated by the (expired) token.
This is the similar to "no matter anonymous is enabled or not, user will be
authenticated by the value of user.name parameter, if it presents in the
request."
I should mention the following case:
- If client does not provide a token in the request, the patch does no change.
> If there is an expired token, PseudoAuthenticationHandler should renew it
> -------------------------------------------------------------------------
>
> Key: HADOOP-10416
> URL: https://issues.apache.org/jira/browse/HADOOP-10416
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Tsz Wo Nicholas Sze
> Assignee: Tsz Wo Nicholas Sze
> Priority: Minor
> Attachments: c10416_20140321.patch, c10416_20140322.patch
>
>
> PseudoAuthenticationHandler currently only gets username from the "user.name"
> parameter. It should also renew expired auth token if it is available in the
> cookies.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
