[prev in list] [next in list] [prev in thread] [next in thread]
List: hadoop-dev
Subject: [jira] [Created] (HADOOP-11330) KMSClientProvider should use PseudoDelegationTokenAuthenticator as t
From: "Dian Fu (JIRA)" <jira () apache ! org>
Date: 2014-11-24 16:33:12
Message-ID: JIRA.12757434.1416846789000.6776.1416846792621 () Atlassian ! JIRA
[Download RAW message or body]
Dian Fu created HADOOP-11330:
--------------------------------
Summary: KMSClientProvider should use PseudoDelegationTokenAuthenticator \
as the Authenticator when security is disabled to improve performance Key: \
HADOOP-11330 URL: https://issues.apache.org/jira/browse/HADOOP-11330
Project: Hadoop Common
Issue Type: Improvement
Components: kms, security
Reporter: Dian Fu
In the class KMSClientProvider, it connect with KMS with the following method:
{code}
private HttpURLConnection createConnection(final URL url, String method)
throws IOException {
HttpURLConnection conn;
try {
...
// creating the HTTP connection using the current UGI at constructor time
conn = loginUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
@Override
public HttpURLConnection run() throws Exception {
DelegationTokenAuthenticatedURL authUrl =
new DelegationTokenAuthenticatedURL(configurator);
return authUrl.openConnection(url, authToken, doAsUser);
}
});
} catch (IOException ex) {
throw ex;
} catch (UndeclaredThrowableException ex) {
throw new IOException(ex.getUndeclaredThrowable());
} catch (Exception ex) {
throw new IOException(ex);
}
...
}
{code} By default, DelegationTokenAuthenticatedURL will use \
KerberosDelegationTokenAuthenticator as the Authenticator. We can set \
PseudoDelegationTokenAuthenticator as the Authenticator when security is disabled to \
improve performance. This will reduce one authentication process between client and \
KMS server.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic